13 research outputs found

    A Game Theoretic approach based virtual machine migration for cloud environment security

    In cloud computing environment, static configurations can provide for the attackers an environment too easy for exploitation and discovering the network vulnerabilities in order to compromise the network and launching intrusions; while dynamic reconfiguration seeks to develop a virtual machine (VM) migration over the cloud by applying unpredictability of network configuration’s change, and thus improving the system security. In this work a novel approach that performs proactive and reactive measures to ensure a high availability and to minimize the attack surface using VM migration is proposed. This interaction between attack and defense systems was formulated as game model. As result, we have calculated the Nash equilibrium and the utilities for the both attacker and defender, evaluate the parameters which can maximize the defender’s utility when the VM migration was planned and identify the potential attack paths. Therefore, the effectiveness of the game model was validated by some numerical results that determine optimal migration strategies in order to ensure the security of the system

    A Game Theoretical Method for Cost-Benefit Analysis of Malware Dissemination Prevention

    Copyright © Taylor & Francis Group, LLC. Literature in malware proliferation focuses on modeling and analyzing its spread dynamics. Epidemiology models, which are inspired by the characteristics of biological disease spread in human populations, have been used against this threat to analyze the way malware spreads in a network. This work presents a modified version of the commonly used epidemiology models Susceptible Infected Recovered (SIR) and Susceptible Infected Susceptible (SIS), which incorporates the ability to capture the relationships between nodes within a network, along with their effect on malware dissemination process. Drawing upon a model that illustrates the network’s behavior based on the attacker’s and the defender’s choices, we use game theory to compute optimal strategies for the defender to minimize the effect of malware spread, at the same time minimizing the security cost. We consider three defense mechanisms: patch, removal, and patch and removal, which correspond to the defender’s strategy and use probabilistically with a certain rate. The attacker chooses the type of attack according to its effectiveness and cost. Through the interaction between the two opponents we infer the optimal strategy for both players, known as Nash Equilibrium, evaluating the related payoffs. Hence, our model provides a cost-benefit risk management framework for managing malware spread in computer networks

    Micro Smart Micro-grid and Its Cyber Security Aspects in a Port Infrastructure

    Maritime ports are intensive energy areas with a plenty of electrical systems that require an average power of many tens of megawatts (MW). Competitiveness, profits, reduction of pollution, reliability of operations, carbon emission trading are important energy related considerations for any port authority. Current technology allows the deployment of a local micro-grid of the size of tenths of MW, capable of islanded operation in case of emergency and to grant an increasing energy independency. Ownership of the grid permits a large flexibility on prices of energy sold inside the port, trading on local electric market and reduction of pollution. Renewable energy generation has a large impact on costs since features a low marginal cost. Unfortunately the smart grid is a critical asset within the port infrastructure and its intelligence is a high-level target for cyberattacks. Such attacks are often based on malicious software (malware), which makes use of a controlling entity on the network to coordinate and propagate. In this document, we will outline some features of a port smart grid and typical characteristics of cyber-attacks including potential ways to recognize it and suggestion for effective countermeasures

    ADAPT: A Game Inspired Attack-Defense And Performance Metric Taxonomy

    Abstract. Game theory has been researched extensively in network security demonstrating an advantage of modeling the interactions between attackers and defenders. Game theoretic defense solutions have continuously evolved in most recent years. One of the pressing issues in composing a game theoretic defense system is the development of consistent quantifiable metrics to select the best game theoretic defense model. We survey existing game theoretic defense, information assurance, and risk assessment frameworks that provide metrics for information and network security and performance assessment. Coupling these frameworks, we propose a game theoretic approach to attack-defense and performance metric taxonomy (ADAPT). ADAPT uses three classifications of metrics: (i) Attacker, (ii) Defender, (iii) Performance. We proffer ADAPT with an attempt to aid game theoretic performance metrics. We further propose a game decision system (GDS) that uses ADAPT to compare competing game models. We demonstrate our approach using a distributed denial of service (DDoS) attack scenario.

    Keywords: Game Theory, Taxonomy, Security Management

    INTRODUCTION

    Game theory has received increased attention from network security researchers, investigating defense solutions. The game theory approach has the advantage of modeling the interactions between attackers and defenders, where players have the ability to analyze other player's behavior. This may enable an administrator to develop better strategic defenses for the system. For instance, when there are many actions available to the attacker and defender, it becomes difficult to develop solution strategies. Hamilton, et al. [1] outlined the areas of game theory which are relevant to information warfare using course of actions with predicted outcomes and what-if scenarios. Jiang, et al. 
In this paper, we attempt to address limitations in research through the proposed game theoretic attack-defense and performance metric taxonomy (ADAPT), which is a taxonomy of game related metrics. We define a game as the interactions between two players with conflicting goals. In our case these players are the attacker (hacker) and system administrator (defender). Game metrics are a set of tools which are used to measure the various kinds of impact a game model has on each of its players. We classify these game metrics based on their impact on attacker, defender, and the performance of the game model on the system which is being run. Prior research has shown, with the use of game theory, how the interaction should take place based on the strategy and the strategy selected from the game model. In this traditional scenario one game model is assessed relative to a particular attack. He, et al. [6] proposed a Game Theoretical Attack-Defense Model (GTADM), similar to ADAPT, that quantifies the probability of threats in constructing a risk assessment framework. We extend these general game theory steps and concepts proposed in He, et al. [6] with the use of ADAPT being able to assess competing game models and select the game model which is suitable for defense. This provides a defender with a preliminary view of multiple game models associated to a particular attack

    On modeling and simulation of game theory-based defense mechanisms against DoS and DDoS attacks

    As cyber attacks continue to grow in number, scope, and severity, the cyber security problem has become increasingly important and challenging to both academic researchers and industry practitioners. We explore the applicability of game theoretic approaches to the cyber security problem with focus on active bandwidth depletion attacks. We model the interaction between the attacker and the defender as a two-player non-zero-sum game in two attack scenarios: (i) one single attacking node for Denial of Service (DoS) and (ii) multiple attacking nodes for Distributed DoS (DDoS). The defender's challenge is to determine optimal firewall settings to block rogue traffics while allowing legitimate ones. Our analysis considers the worst-case scenario where the attacker also attempts to find the most effective sending rate or botnet size. In either case, we build both static and dynamic game models to compute the Nash equilibrium that represents the best strategy of the defender. We validate the effectiveness of our game theoretic defense mechanisms via extensive simulation-based experiments using NS-3. © 2010 SCS

    A Stochastic Game Theoretical Model for Cyber Security

    The resiliency of systems integrated through cyber networks is of utmost importance due to the reliance on these systems for critical services such as industrial control systems, nuclear production, and military weapons systems. Current research in cyber resiliency remains largely limited to methodologies utilizing a singular technique that is predominantly theoretical with limited examples given. This research uses notional data in presenting a novel approach to cyber system analysis and network resource allocation by leveraging multiple techniques including game theory, stochastic processes, and mathematical programming. An operational network security problem consisting of 20 tactical normal form games provides an assessment of the resiliency of a cyber defender's network by leveraging the solutions of each tactical game to inform transitional probabilities of a discrete-time Markov chain over an attacker-defender state space. Furthermore, the Markov chain provides an assessment of the conditional path through the operational problem with an expected cost of damage to the defender network. The solutions of the tactical games and, in turn the operational problem, are utilized to determine the effects and risks of projected network improvement resource allocation decisions via an integer program. These results can be used to inform network analysts of the resiliency of their network while providing recommendations and requirements for improving their network resiliency posture against potential malicious external actors

    Information fusion architectures for security and resource management in cyber physical systems

    Data acquisition through sensors is very crucial in determining the operability of the observed physical entity. Cyber Physical Systems (CPSs) are an example of distributed systems where sensors embedded into the physical system are used in sensing and data acquisition. CPSs are a collaboration between the physical and the computational cyber components. The control decisions sent back to the actuators on the physical components from the computational cyber components closes the feedback loop of the CPS. Since, this feedback is solely based on the data collected through the embedded sensors, information acquisition from the data plays an extremely vital role in determining the operational stability of the CPS. Data collection process may be hindered by disturbances such as system faults, noise and security attacks. Hence, simple data acquisition techniques will not suffice as accurate system representation cannot be obtained. Therefore, more powerful methods of inferring information from collected data such as Information Fusion have to be used. Information fusion is analogous to the cognitive process used by humans to integrate data continuously from their senses to make inferences about their environment. Data from the sensors is combined using techniques drawn from several disciplines such as Adaptive Filtering, Machine Learning and Pattern Recognition. Decisions made from such combination of data form the crux of information fusion and differentiates it from a flat structured data aggregation. In this dissertation, multi-layered information fusion models are used to develop automated decision making architectures to service security and resource management requirements in Cyber Physical Systems --Abstract, page iv