71 research outputs found
Compact Representation of Value Function in Partially Observable Stochastic Games
Value methods for solving stochastic games with partial observability model
the uncertainty about states of the game as a probability distribution over
possible states. The dimension of this belief space is the number of states.
For many practical problems, for example in security, there are exponentially
many possible states which causes an insufficient scalability of algorithms for
real-world problems. To this end, we propose an abstraction technique that
addresses this issue of the curse of dimensionality by projecting
high-dimensional beliefs to characteristic vectors of significantly lower
dimension (e.g., marginal probabilities). Our two main contributions are (1)
novel compact representation of the uncertainty in partially observable
stochastic games and (2) novel algorithm based on this compact representation
that is based on existing state-of-the-art algorithms for solving stochastic
games with partial observability. Experimental evaluation confirms that the new
algorithm over the compact representation dramatically increases the
scalability compared to the state of the art
Mitigating Colluding Attacks in Online Social Networks and Crowdsourcing Platforms
Online Social Networks (OSNs) have created new ways for people to communicate, and for companies to engage their customers -- with these new avenues for communication come new vulnerabilities that can be exploited by attackers. This dissertation aims to investigate two attack models: Identity Clone Attacks (ICA) and Reconnaissance Attacks (RA). During an ICA, attackers impersonate users in a network and attempt to infiltrate social circles and extract confidential information. In an RA, attackers gather information on a target\u27s resources, employees, and relationships with other entities over public venues such as OSNs and company websites. This was made easier for the RA to be efficient because well-known social networks, such as Facebook, have a policy to force people to use their real identities for their accounts. The goal of our research is to provide mechanisms to defend against colluding attackers in the presence of ICA and RA collusion attacks. In this work, we consider a scenario not addressed by previous works, wherein multiple attackers collude against the network, and propose defense mechanisms for such an attack. We take into account the asymmetric nature of social networks and include the case where colluders could add or modify some attributes of their clones. We also consider the case where attackers send few friend requests to uncover their targets.
To detect fake reviews and uncovering colluders in crowdsourcing, we propose a semantic similarity measurement between reviews and a community detection algorithm to overcome the non-adversarial attack. ICA in a colluding attack may become stronger and more sophisticated than in a single attack. We introduce a token-based comparison and a friend list structure-matching approach, resulting in stronger identifiers even in the presence of attackers who could add or modify some attributes on the clone. We also propose a stronger RA collusion mechanism in which colluders build their own legitimacy by considering asymmetric relationships among users and, while having partial information of the networks, avoid recreating social circles around their targets. Finally, we propose a defense mechanism against colluding RA which uses the weakest person (e.g., the potential victim willing to accept friend requests) to reach their target
Honeypot Allocation for Cyber Deception in Dynamic Tactical Networks: A Game Theoretic Approach
Honeypots play a crucial role in implementing various cyber deception
techniques as they possess the capability to divert attackers away from
valuable assets. Careful strategic placement of honeypots in networks should
consider not only network aspects but also attackers' preferences. The
allocation of honeypots in tactical networks under network mobility is of great
interest. To achieve this objective, we present a game-theoretic approach that
generates optimal honeypot allocation strategies within an attack/defense
scenario. Our proposed approach takes into consideration the changes in network
connectivity. In particular, we introduce a two-player dynamic game model that
explicitly incorporates the future state evolution resulting from changes in
network connectivity. The defender's objective is twofold: to maximize the
likelihood of the attacker hitting a honeypot and to minimize the cost
associated with deception and reconfiguration due to changes in network
topology. We present an iterative algorithm to find Nash equilibrium strategies
and analyze the scalability of the algorithm. Finally, we validate our approach
and present numerical results based on simulations, demonstrating that our game
model successfully enhances network security. Additionally, we have proposed
additional enhancements to improve the scalability of the proposed approach.Comment: This paper accepted in 14th International Conference on Decision and
Game Theory for Security, GameSec 202
Transfer Learning for Detecting Unknown Network Attacks
Network attacks are serious concerns in today’s increasingly interconnected society. Recent studies have applied conventional machine learning to network attack detection by learning the patterns of the network behaviors and training a classification model. These models usually require large labeled datasets; however, the rapid pace and unpredictability of cyber attacks make this labeling impossible in real time. To address these problems, we proposed utilizing transfer learning for detecting new and unseen attacks by transferring the knowledge of the known attacks. In our previous work, we have proposed a transfer learning-enabled framework and approach, called HeTL, which can find the common latent subspace of two different attacks and learn an optimized representation, which was invariant to attack behaviors’ changes. However, HeTL relied on manual pre-settings of hyper-parameters such as relativeness between the source and target attacks. In this paper, we extended this study by proposing a clustering-enhanced transfer learning approach, called CeHTL, which can automatically find the relation between the new attack and known attack. We evaluated these approaches by stimulating scenarios where the testing dataset contains different attack types or subtypes from the training set. We chose several conventional classification models such as decision trees, random forests, KNN, and other novel transfer learning approaches as strong baselines. Results showed that proposed HeTL and CeHTL improved the performance remarkably. CeHTL performed best, demonstrating the effectiveness of transfer learning in detecting new network attacks
- …