Multi-rate Threshold FlipThem
A standard method to protect data and secrets is to apply threshold cryptography in the form of secret sharing. This is motivated by the acceptance that adversaries will compromise systems at some point, and hence using threshold cryptography provides a defence in depth. The existence of such powerful adversaries has also motivated the introduction of game-theoretic techniques into the analysis of systems, e.g. via the FlipIt game of van Dijk et al. This work further analyses the case of FlipIt when used with multiple resources, dubbed FlipThem in prior papers. We examine two key extensions of the FlipThem game to more realistic scenarios; namely separate costs and strategies on each resource, and a learning approach obtained using so-called fictitious play in which players do not know about opponent costs, or assume rationality
Enhancing Network Resilience through Machine Learning-powered Graph Combinatorial Optimization: Applications in Cyber Defense and Information Diffusion
With the burgeoning advancements of computing and network communication technologies,
network infrastructures and their application environments have become
increasingly complex. Due to the increased complexity, networks are more prone to
hardware faults and highly susceptible to cyber-attacks. Therefore, for rapidly growing
network-centric applications, network resilience is essential to minimize the impact
of attacks and to ensure that the network provides an acceptable level of services
during attacks, faults or disruptions. In this regard, this thesis focuses on developing
effective approaches for enhancing network resilience. Existing approaches for enhancing
network resilience emphasize determining bottleneck nodes and edges in the
network and designing proactive responses to safeguard the network against attacks.
However, existing solutions generally consider broader application domains and possess
limited applicability when applied to specific application areas such as cyber defense
and information diffusion, which are highly popular application domains among cyber
attackers. These solutions often prioritize general security measures and may not
be able to address complex targeted cyberattacks [147, 149]. Cyber defense and
information diffusion application domains usually consist of sensitive networks that
attackers target to gain unauthorized access, potentially causing significant financial
and reputational loss.
This thesis aims to design effective, efficient and scalable techniques for discovering
bottleneck nodes and edges in the network to enhance network resilience in cyber defense
and information diffusion application domains. We first investigate a cyber defense graph optimization problem, i.e., hardening active directory systems by discovering
bottleneck edges in the network. We then study the problem of identifying bottleneck
structural hole spanner nodes, which are crucial for information diffusion in the
network. We transform both problems into graph-combinatorial optimization problems
and design machine learning based approaches for discovering bottleneck points vital
for enhancing network resilience. This thesis makes the following four contributions.
We first study defending active directories by discovering bottleneck edges in the
network and make the following two contributions. (1) To defend active directories by
discovering and blocking bottleneck edges in the graphs, we first prove that deriving
an optimal defensive policy is #P-hard. We design a kernelization technique that
reduces the active directory graph to a much smaller condensed graph. We propose an
effective edge-blocking defensive policy by combining neural network-based dynamic
program and evolutionary diversity optimization to defend active directory graphs.
The key idea is to accurately train the attacking policy to obtain an effective defensive
policy. The experimental evaluations on synthetic AD attack graphs demonstrate
that our defensive policy generates effective defense. (2) To harden large-scale active
directory graphs, we propose a reinforcement learning based policy that uses evolutionary
diversity optimization to generate edge-blocking defensive plans. The main idea is
to train the attacker’s policy on multiple independent defensive plan environments
simultaneously so as to obtain an effective defensive policy. The experimental results
on synthetic AD graphs show that the proposed defensive policy is highly effective,
scales better and generates better defensive plans than our previously proposed neural
network-based dynamic program and evolutionary diversity optimization approach. We
then investigate discovering bottleneck structural hole spanner nodes in the network
and make the following two contributions. (3) To discover bottleneck structural
hole spanner nodes in large-scale and diverse networks, we propose two graph neural
network models, GraphSHS and Meta-GraphSHS. The main idea is to transform the
SHS identification problem into a learning problem and use the graph neural network
models to learn the bottleneck nodes. Besides, the Meta-GraphSHS model learns generalizable knowledge from diverse training graphs to create a customized model that
can be fine-tuned to discover SHSs in new unseen diverse graphs. Our experimental
results show that the proposed models are highly effective and efficient. (4) To
identify bottleneck structural hole spanner nodes in dynamic networks, we propose a
decremental algorithm and a graph neural network model. The key idea of our proposed
algorithm is to reduce the re-computations by identifying affected nodes due to updates
in the network and performing re-computations for affected nodes only. Our graph
neural network model considers the dynamic network as a series of snapshots and
learns to discover SHS nodes in these snapshots. Our experiments demonstrate that
the proposed approaches achieve significant speedup over re-computations for dynamic
graphs.
Thesis (Ph.D.) -- University of Adelaide, School of Computer and Mathematical Sciences, 202