Abstract
Diversity plays a significant role in network security, and we propose a formal model to investigate and optimize the advantages of software diversity in network security. However, diversity is also costly, and network administrators encounter a tradeoff between network security and the cost to deploy and maintain a well-diversified network. We study this tradeoff in a two-player nonzero-sum game-theoretic model of software diversity. We find the Nash equilibrium of the game to give an optimal security strategy for the defender, and implement an algorithm for optimizing software diversity via embedding a graph-coloring approach based on the Nash equilibrium. We show that the opponent (i.e., adversary) spends more effort to compromise an optimally diversified network. We also analyze the complexity of the proposed algorithm and propose a complexity reduction approach to avoid exponential growth in runtime. We present numerical results that validate the effectiveness of the proposed software diversity approach.
Acknowledgment
Research was sponsored by the Army Research Laboratory and was accomplished under Cooperative Agreement Number W911NF-19-2-0150. The views and conclusions contained in this document are those of the authors and should not be interpreted as representing the official policies, either expressed or implied, of the Army Research Laboratory or the U.S. Government. The U.S. Government is authorized to reproduce and distribute reprints for Government purposes notwithstanding any copyright notation herein.
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Anwar, A.H., Leslie, N.O., Kamhoua, C., Kiekintveld, C. (2020). A Game Theoretic Framework for Software Diversity for Network Security. In: Zhu, Q., Baras, J.S., Poovendran, R., Chen, J. (eds) Decision and Game Theory for Security. GameSec 2020. Lecture Notes in Computer Science, vol 12513. Springer, Cham. https://doi.org/10.1007/978-3-030-64793-3_16
DOI: https://doi.org/10.1007/978-3-030-64793-3_16
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-64792-6
Online ISBN: 978-3-030-64793-3
eBook Packages: Computer Science, Computer Science (R0)