A Game Theoretic Approach to Modelling Jamming Attacks in Delay Tolerant Networks

Cyberspace plays a prominent role in our social, economic and civic welfare and cyber security issues are of paramount importance today. Growing reliance of the intertwined military and civilian applications on wireless computer networks makes these networks highly vulnerable to attacks of which jamming attacks are a vital and exigent problem. In this paper, we study defence against jamming attacks as game in a delay tolerant network, with two adversarial players: the jammer playing against the transmitter. The transmitters seek to choose an optimal time to schedule his transmission securely, so as to maximize the probability of successful delivery before his session expires, while these transmissions are subject to inference from the jammer, who attempts to minimize this probability . We design strategies for the transmitters that offset transmission period based inference of network traffic by the jammer. We model these interactions and decisions as a game and use simulation as a tool to evaluate the games. Probability distribution functions over finite set of strategies are proposed to compute the expected payoff of both the players. Simulation results are used to evaluate the expected payoff along with the resulting equilibrium in cases where players are biased and unbiased. These results are used to strategically decide on the optimal time for both the players, and evaluate the efficiency of the strategies used by the transmitters against jammer attacks.

DAG-Based Attack and Defense Modeling: Don't Miss the Forest for the Attack Trees

This paper presents the current state of the art on attack and defense modeling approaches that are based on directed acyclic graphs (DAGs). DAGs allow for a hierarchical decomposition of complex scenarios into simple, easily understandable and quantifiable actions. Methods based on threat trees and Bayesian networks are two well-known approaches to security modeling. However there exist more than 30 DAG-based methodologies, each having different features and goals. The objective of this survey is to present a complete overview of graphical attack and defense modeling techniques based on DAGs. This consists of summarizing the existing methodologies, comparing their features and proposing a taxonomy of the described formalisms. This article also supports the selection of an adequate modeling technique depending on user requirements

Quantitative Verification and Synthesis of Attack-Defence Scenarios

Attack-defence trees are a powerful technique for formally evaluating attack-defence scenarios. They represent in an intuitive, graphical way the interaction between an attacker and a defender who compete in order to achieve conflicting objectives. We propose a novel framework for the formal analysis of quantitative properties of complex attack-defence scenarios, using an extension of attack-defence trees which models temporal ordering of actions and allows explicit dependencies in the strategies adopted by attackers and defenders. We adopt a game-theoretic approach, translating attack-defence trees to two-player stochastic games, and then employ probabilistic model checking techniques to formally analyse these models. This provides a means to both verify formally specified security properties of the attack-defence scenarios and, dually, to synthesise strategies for attackers or defenders which guarantee or optimise some quantitative property, such as the probability of a successful attack, the expected cost incurred, or some multi-objective trade-off between the two. We implement our approach, building upon the PRISM-games model checker, and apply it to a case study of an RFID goods management system

Managing Security Risks Using Attack-Defense Trees

Nagu mujal valdkondades, kasvab tänapäeval vajadus turvalisuse järele, nii ka ärimaailmas. Käesolev magistritöö üritab seda probleemi lahendada kasutades riskianalüüsi diagrammi mudelit, mida inglise keeles nimetatakse Attack Tree.ISSRM (Information System Security Risk Managment) on mudel, mis käsitleb kõiki olulisi riskianalüüsi aspekte, on lihtsalt arusaadav ja annab olukorrast kiire ülevaate. Laiendustena on olemas mõned sellised riskianalüüsi diagrammid, kuid ükski neist pole võimeline käsitlema kõiki võimalikke ohuolukordi. See paneb diagrammi kasutamisele piirid, kuna ei arvesta võimalikke vastumeetmeid ohtudele, ega ohuallika profiili.Antud magistritöö pakub sellele probleemile kolmeosalist lahendust.1. luua sild riskianalüüsi puu osast, mis käsitleb kaitsetehnikaid (Attack Defence Tree), kuni ISSRM mudelini;2. arvestades minevikus ette tulnud riske, riskifaktorite tõenäolisuse ja nendega seotud kulutuste mõõteparameetrite väljatöötamine;3. tööriista kasutamine, mis on välja töötatud antud riskianalüüsipuu abil.Selliselt loodud sild aitab leida veel avastamata aspekte riskianalüüsi puus. Lisades sellise laienduse, on riskianalüüsi puu täielikum ja muudab ISSRM-i mudeli mitmekülgsemaks. Selleks, et riske paremini analüüsida, on kasulik arvestada ka minevikus ette tulnud ohte ning neid matemaatiliselt uurida tõenäolisuse aspektist, et minimeerida sarnaste ohuolukordade taastekkimise tõenäosust. Magistritöö tegemise käigus välja töötatud tööriist (Aligned Attack-Defense Tree or A-ADTree) on võimekam riski tõenäosusele hinnangu andmisel teistest juba olemasolevatest versioonidest. Antud tööriist annab riskianalüüsi hindajatele rohkem võimalusi võimalike ohuolukordade lahendamiseks ja ennetamiseks. Kuna siin kasutatud modelleerimiskeeled on juba sobitatud ISSRM mudeliga, võimaldab antud töös välja töötatud laiendus luua enam seoseid selle ning teiste modelleerimiskeelte (nt Secure BPMN, Misuse-case diagram, Secure TROPOS, and Mal-Activity diagram) vahel ka tulevikus.Nowadays there is an increasing demand for answering the security needs in systematic ways. The In this thesis, we have addressed risk management using Attack Tree.Information System Security Risk Management (ISSRM) is a model which covers all the important concepts in risk management. Also, attack trees are simple and efficient tools for showing the risks. There are few extensions of attack trees, but none of them covers all risk concepts. The said problem limited the usage of attack tree model since it does not consider important measures such as countermeasures, or threat agent’s profile.The contribution to resolve the problem in this thesis includes three steps. Obtaining an alignment from Attack-Defense trees to ISSRM. Measurement of the metrics of the nodes of tree using historical dataImplementation of a tool based on obtained tree.Using the alignment, we have detected the uncovered concepts in Attack-Defense tree. Then we tried to add these concepts to the current Attack-Defense tree. Therefore, the new Attack-Defense tree (called Aligned Attack-Defense tree or A-ADTree) covers most important concepts of ISSRM. In order to measure the risk, we have proposed a mathematical model to evaluate the probability of the nodes in the tree, based on historical data. Then, implemented tool helps to materialize the effect of threat agent’s profile, and countermeasures on the risks. The result of implemented tool shows, the obtained A-ADTree has more capabilities (in the evaluation of the probability of risk) in comparison to previous versions. This solution is capable of giving more hints for the project managers when they are deciding about possible solutions in industries. Additionally, this alignment helps to obtain another alignment between A-ADTree and the other modeling languages in future, since these modeling languages are already aligned to ISSRM

Interdependent Defense Games with Applications to Internet Security at the Level of Autonomous Systems

We propose interdependent defense (IDD) games, a computational game-theoretic framework to study aspects of the interdependence of risk and security in multi-agent systems under deliberate external attacks. Our model builds upon interdependent security (IDS) games, a model by Heal and Kunreuther that considers the source of the risk to be the result of a fixed randomized-strategy. We adapt IDS games to model the attacker’s deliberate behavior. We define the attacker’s pure-strategy space and utility function and derive appropriate cost functions for the defenders. We provide a complete characterization of mixed-strategy Nash equilibria (MSNE), and design a simple polynomial-time algorithm for computing all of them for an important subclass of IDD games. We also show that an efficient algorithm to determine whether some attacker’s strategy can be a part of an MSNE in an instance of IDD games is unlikely to exist. Yet, we provide a dynamic programming (DP) algorithm to compute an approximate MSNE when the graph/network structure of the game is a directed tree with a single source. We also show that the DP algorithm is a fully polynomial-time approximation scheme. In addition, we propose a generator of random instances of IDD games based on the real-world Internet-derived graph at the level of autonomous systems (≈27 K nodes and ≈100 K edges as measured in March 2010 by the DIMES project). We call such games Internet games. We introduce and empirically evaluate two heuristics from the literature on learning-in-games, best-response gradient dynamics (BRGD) and smooth best-response dynamics (SBRD), to compute an approximate MSNE in IDD games with arbitrary graph structures, such as randomly-generated instances of Internet games. In general, preliminary experiments applying our proposed heuristics are promising. Our experiments show that, while BRGD is a useful technique for the case of Internet games up to certain approximation level, SBRD is more efficient and provides better approximations than BRGD. Finally, we discuss several extensions, future work, and open problems

Future pHealth Ecosystem-Holistic View on Privacy and Trust

Modern pHealth is an emerging approach to collecting and using personal health information (PHI) for personalized healthcare and personalized health management. For its products and services, it deploys advanced technologies such as sensors, actuators, computers, mobile phones, etc. Researchers have shown that today’s networked information systems, such as pHealth ecosystems, miss appropriate privacy solutions, and trust is only an illusion. In the future, the situation will be even more challenging because pHealth ecosystems will be highly distributed, dynamic, increasingly autonomous, and multi-stakeholder, with the ability to monitor the person’s regular life, movements, emotions, and health-related behavior in real time. In this paper, the authors demonstrate that privacy and trust in ecosystems are system-level problems that need a holistic, system-focused solution. To make future pHealth ethically acceptable, privacy-enabled, and trustworthy, the authors have developed a conceptual five-level privacy and trust model as well as a formula that describes the impact of privacy and trust factors on the level of privacy and trust. Furthermore, the authors have analyzed privacy and trust challenges and possible solutions at each level of the model. Based on the analysis performed, a proposal for future ethically acceptable, trustworthy, and privacy-enabled pHealth is developed. The solution combines privacy as personal property and trust as legally binding fiducial duty approaches and uses a blockchain-based smart contract agreement to store people’s privacy and trust requirements and service providers’ promises.Peer reviewe

Deception in Game Theory: A Survey and Multiobjective Model

Game theory is the study of mathematical models of conflict. It provides tools for analyzing dynamic interactions between multiple agents and (in some cases) across multiple interactions. This thesis contains two scholarly articles. The first article is a survey of game-theoretic models of deception. The survey describes the ways researchers use game theory to measure the practicality of deception, model the mechanisms for performing deception, analyze the outcomes of deception, and respond to, or mitigate the effects of deception. The survey highlights several gaps in the literature. One important gap concerns the benefit-cost-risk trade-off made during deception planning. To address this research gap, the second article introduces a novel approach for modeling these trade-offs. The approach uses a game theoretic model of deception to define a new multiobjective optimization problem called the deception design problem (DDP). Solutions to the DDP provide courses of deceptive action that are efficient in terms of their benefit, cost, and risk to the deceiver. A case study based on the output of an air-to-air combat simulator demonstrates the DDP in a 7 x 7 normal form game. This approach is the first to evaluate benefit, cost, and risk in a single game theoretic model of deception