21,532 research outputs found
Optimal Timing in Dynamic and Robust Attacker Engagement During Advanced Persistent Threats
Advanced persistent threats (APTs) are stealthy attacks which make use of
social engineering and deception to give adversaries insider access to
networked systems. Against APTs, active defense technologies aim to create and
exploit information asymmetry for defenders. In this paper, we study a scenario
in which a powerful defender uses honeynets for active defense in order to
observe an attacker who has penetrated the network. Rather than immediately
eject the attacker, the defender may elect to gather information. We introduce
an undiscounted, infinite-horizon Markov decision process on a continuous state
space in order to model the defender's problem. We find a threshold of
information that the defender should gather about the attacker before ejecting
him. Then we study the robustness of this policy using a Stackelberg game.
Finally, we simulate the policy for a conceptual network. Our results provide a
quantitative foundation for studying optimal timing for attacker engagement in
network defense.Comment: Submitted to the 2019 Intl. Symp. Modeling and Optimization in
Mobile, Ad Hoc, and Wireless Nets. (WiOpt
Game Theory Meets Network Security: A Tutorial at ACM CCS
The increasingly pervasive connectivity of today's information systems brings
up new challenges to security. Traditional security has accomplished a long way
toward protecting well-defined goals such as confidentiality, integrity,
availability, and authenticity. However, with the growing sophistication of the
attacks and the complexity of the system, the protection using traditional
methods could be cost-prohibitive. A new perspective and a new theoretical
foundation are needed to understand security from a strategic and
decision-making perspective. Game theory provides a natural framework to
capture the adversarial and defensive interactions between an attacker and a
defender. It provides a quantitative assessment of security, prediction of
security outcomes, and a mechanism design tool that can enable
security-by-design and reverse the attacker's advantage. This tutorial provides
an overview of diverse methodologies from game theory that includes games of
incomplete information, dynamic games, mechanism design theory to offer a
modern theoretic underpinning of a science of cybersecurity. The tutorial will
also discuss open problems and research challenges that the CCS community can
address and contribute with an objective to build a multidisciplinary bridge
between cybersecurity, economics, game and decision theory
- …