Mean-field-game model for Botnet defense in Cyber-security

We initiate the analysis of the response of computer owners to various offers of defence systems against a cyber-hacker (for instance, a botnet attack), as a stochastic game of a large number of interacting agents. We introduce a simple mean-field game that models their behavior. It takes into account both the random process of the propagation of the infection (controlled by the botner herder) and the decision making process of customers. Its stationary version turns out to be exactly solvable (but not at all trivial) under an additional natural assumption that the execution time of the decisions of the customers (say, switch on or out the defence system) is much faster that the infection rates

The Challenges in SDN/ML Based Network Security : A Survey

Machine Learning is gaining popularity in the network security domain as many more network-enabled devices get connected, as malicious activities become stealthier, and as new technologies like Software Defined Networking (SDN) emerge. Sitting at the application layer and communicating with the control layer, machine learning based SDN security models exercise a huge influence on the routing/switching of the entire SDN. Compromising the models is consequently a very desirable goal. Previous surveys have been done on either adversarial machine learning or the general vulnerabilities of SDNs but not both. Through examination of the latest ML-based SDN security applications and a good look at ML/SDN specific vulnerabilities accompanied by common attack methods on ML, this paper serves as a unique survey, making a case for more secure development processes of ML-based SDN security applications.Comment: 8 pages. arXiv admin note: substantial text overlap with arXiv:1705.0056

Corruption and botnet defense : a mean field game approach

Recently developed toy models for the mean-field games of corruption and botnet defence in cyber-security with three or four states of agents are extended to a more general mean-field-game model with 2d states, d∈N . In order to tackle new technical difficulties arising from a larger state-space we introduce new asymptotic regimes, namely small discount and small interaction asymptotics. Moreover, the link between stationary and time-dependent solutions is established rigorously leading to a performance of the turnpike theory in a mean-field-game setting

Territorial behavior and the economics of Botnets

This paper looks at the economics associated with botnets. This research can be used to calculate territorial sizes for online criminal networks. Looking at the types of systems we can compare the time required to maintain the botnet against the benefits received. In doing this it will be possible to formulate economic defence strategies that reduce the benefits received through the control of the botnet. We look at the decision to be territorial or not from the perspective of the criminal bot-herder. This is extended to an analysis of territorial size. The criminal running a botnet seeks to maximize profit. In doing this they need analyse the costs expended and benefits received against the territorial size. The result is a means to calculate the optimal size of the botnet and the expected returns. This information can be used to formulate security strategies that are designed to reduce the profitability of criminal botnets