Optimal Timing in Dynamic and Robust Attacker Engagement During Advanced Persistent Threats
Advanced persistent threats (APTs) are stealthy attacks which make use of
social engineering and deception to give adversaries insider access to
networked systems. Against APTs, active defense technologies aim to create and
exploit information asymmetry for defenders. In this paper, we study a scenario
in which a powerful defender uses honeynets for active defense in order to
observe an attacker who has penetrated the network. Rather than immediately
eject the attacker, the defender may elect to gather information. We introduce
an undiscounted, infinite-horizon Markov decision process on a continuous state
space in order to model the defender's problem. We find a threshold of
information that the defender should gather about the attacker before ejecting
him. Then we study the robustness of this policy using a Stackelberg game.
Finally, we simulate the policy for a conceptual network. Our results provide a
quantitative foundation for studying optimal timing for attacker engagement in
network defense.
Comment: Submitted to the 2019 Intl. Symp. Modeling and Optimization in
Mobile, Ad Hoc, and Wireless Nets. (WiOpt
Asymptotic Security of Control Systems by Covert Reaction: Repeated Signaling Game with Undisclosed Belief
This study investigates the relationship between resilience of control
systems to attacks and the information available to malicious attackers.
Specifically, it is shown that control systems are guaranteed to be secure in
an asymptotic manner by rendering reactions against potentially harmful actions
covert. The behaviors of the attacker and the defender are analyzed through a
repeated signaling game with an undisclosed belief under covert reactions. In
the typical setting of signaling games, reactions conducted by the defender are
supposed to be public information and the measurability enables the attacker to
accurately trace transitions of the defender's belief on existence of a
malicious attacker. In contrast, the belief in the game considered in this
paper is undisclosed and hence common equilibrium concepts can no longer be
employed for the analysis. To surmount this difficulty, a novel framework for
decision of reasonable strategies of the players in the game is introduced.
Based on the presented framework, it is revealed that any reasonable strategy
chosen by a rational malicious attacker converges to the benign behavior as
long as the reactions performed by the defender are unobservable to the
attacker. The result provides an explicit relationship between resilience and
information, which indicates the importance of covertness of reactions for
designing secure control systems.
Comment: 8 page
Quadratic Multi-Dimensional Signaling Games and Affine Equilibria
This paper studies the decentralized quadratic cheap talk and signaling game
problems when an encoder and a decoder, viewed as two decision makers, have
misaligned objective functions. The main contributions of this study are the
extension of Crawford and Sobel's cheap talk formulation to multi-dimensional
sources and to noisy channel setups. We consider both (simultaneous) Nash
equilibria and (sequential) Stackelberg equilibria. We show that for arbitrary
scalar sources, in the presence of misalignment, the quantized nature of all
equilibrium policies holds for Nash equilibria in the sense that all Nash
equilibria are equivalent to those achieved by quantized encoder policies. On
the other hand, all Stackelberg equilibria policies are fully informative. For
multi-dimensional setups, unlike the scalar case, Nash equilibrium policies may
be of non-quantized nature, and even linear. In the noisy setup, a Gaussian
source is to be transmitted over an additive Gaussian channel. The goals of the
encoder and the decoder are misaligned by a bias term and encoder's cost also
includes a penalty term on signal power. Conditions for the existence of affine
Nash equilibria as well as general informative equilibria are presented. For
the noisy setup, the only Stackelberg equilibrium is the linear equilibrium
when the variables are scalar. Our findings provide further conditions on when
affine policies may be optimal in decentralized multi-criteria control problems
and lead to conditions for the presence of active information transmission in
strategic environments.
Comment: 15 pages, 4 figure
Strategic Learning for Active, Adaptive, and Autonomous Cyber Defense
The increasing instances of advanced attacks call for a new defense paradigm
that is active, autonomous, and adaptive, named as the '3A' defense
paradigm. This chapter introduces three defense schemes that actively interact
with attackers to increase the attack cost and gather threat information, i.e.,
defensive deception for detection and counter-deception, feedback-driven Moving
Target Defense (MTD), and adaptive honeypot engagement. Due to the cyber
deception, external noise, and the absent knowledge of the other players'
behaviors and goals, these schemes possess three progressive levels of
information restrictions, i.e., from the parameter uncertainty, the payoff
uncertainty, to the environmental uncertainty. To estimate the unknown and
reduce uncertainty, we adopt three different strategic learning schemes that
fit the associated information restrictions. All three learning schemes share
the same feedback structure of sensation, estimation, and actions so that the
most rewarding policies get reinforced and converge to the optimal ones in
autonomous and adaptive fashions. This work aims to shed light on proactive
defense strategies, lay a solid foundation for strategic learning under
incomplete information, and quantify the tradeoff between the security and
costs.
Comment: arXiv admin note: text overlap with arXiv:1906.1218