
    The Work-Averse Cyber Attacker Model: Theory and Evidence From Two Million Attack Signatures

    The assumption that a cyber attacker will potentially exploit all present vulnerabilities drives most modern cyber risk management practices and the corresponding security investments. We propose a new attacker model, based on dynamic optimization, in which we demonstrate that large, initial, fixed costs of exploit development induce attackers to delay implementation and deployment of exploits of vulnerabilities. The theoretical model predicts that mass attackers will preferably i) exploit only one vulnerability per software version, ii) largely include only vulnerabilities requiring low attack complexity, and iii) be slow at trying to weaponize new vulnerabilities. These predictions are empirically validated on a large dataset of observed mass attacks launched against a large collection of information systems. The findings in this paper allow cyber risk managers to better concentrate their efforts on vulnerability management, and set a new theoretical and empirical basis for further research defining attacker (offensive) processes.

    Information Leakage Games

    We consider a game-theoretic setting to model the interplay between attacker and defender in the context of information flow, and to reason about their optimal strategies. In contrast with standard game theory, in our games the utility of a mixed strategy is a convex function of the distribution on the defender's pure actions, rather than the expected value of their utilities. Nevertheless, the important properties of game theory, notably the existence of a Nash equilibrium, still hold for our (zero-sum) leakage games, and we provide algorithms to compute the corresponding optimal strategies. As is typical in (simultaneous) game theory, the optimal strategy is usually mixed, i.e., probabilistic, for both the attacker and the defender. From the point of view of information flow, this was to be expected in the case of the defender, since it is well known that randomization at the level of the system design may help to reduce information leaks. Regarding the attacker, however, this appears to be the first work (w.r.t. the literature in information flow) proving formally that in certain cases the optimal attack strategy is necessarily probabilistic.

    A Graphical Adversarial Risk Analysis Model for Oil and Gas Drilling Cybersecurity

    Oil and gas drilling is based, increasingly, on operational technology, whose cybersecurity is complicated by several challenges. We propose a graphical model for cybersecurity risk assessment based on Adversarial Risk Analysis to face those challenges. We also provide an example of the model in the context of an offshore drilling rig. The proposed model provides a more formal and comprehensive analysis of risks, while still using the standard business language based on decisions, risks, and value.
    Comment: In Proceedings GraMSec 2014, arXiv:1404.163

    Towards Realistic Threat Modeling: Attack Commodification, Irrelevant Vulnerabilities, and Unrealistic Assumptions

    Current threat models typically consider all possible ways an attacker can penetrate a system and assign probabilities to each path according to some metric (e.g. time-to-compromise). In this paper we discuss how this view hinders the realism of both technical (e.g. attack graphs) and strategic (e.g. game theory) approaches to current threat modeling, and propose to steer away from it by looking more carefully at attack characteristics and the attacker's environment. We use a toy threat model for ICS attacks to show how a realistic view of attack instances can emerge from a simple analysis of attack phases and attacker limitations.
    Comment: Proceedings of the 2017 Workshop on Automated Decision Making for Active Cyber Defens

    The Attack and Defense of Weakest-Link Networks

    This paper experimentally examines behavior in a two-player game of attack and defense of a weakest-link network of targets, in which the attacker's objective is to successfully attack at least one target and the defender's objective is diametrically opposed. We apply two benchmark contest success functions (CSFs): the auction CSF and the lottery CSF. Consistent with the theoretical prediction, under the auction CSF, attackers utilize a stochastic “guerrilla warfare” strategy — in which a single random target is attacked — more than 80% of the time. Under the lottery CSF, attackers utilize the stochastic guerrilla warfare strategy almost 45% of the time, contrary to the theoretical prediction of an equal allocation of forces across the targets.
    Keywords: Colonel Blotto, conflict resolution, weakest-link, best-shot, multi-dimensional resource allocation, experiments.
