Abstract
Although the ability to model and infer attacker intent, objectives, and strategies (AIOS) may dramatically advance the literature of risk assessment, harm prediction, and predictive or proactive cyber defense, existing AIOS inference techniques are ad hoc and system or application specific. In this paper, we present a general incentive-based method to model AIOS and a game-theoretic approach to inferring AIOS. On one hand, we found that the concept of incentives can unify a large variety of attacker intents; the concept of utilities can integrate incentives and costs in such a way that attacker objectives can be practically modeled. On the other hand, we developed a game-theoretic AIOS formalization which can capture the inherent interdependency between AIOS and defender objectives and strategies in such a way that AIOS can be automatically inferred. Finally, we use a specific case study to show how attack strategies can be inferred in real-world attack--defense scenarios.
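The abstract's two ideas, a utility that integrates incentives and costs and a game between attacker and defender from which the attacker's strategy is inferred, can be made concrete on a toy instance. The following is an added example, not the paper's model or case study; the attack and defense options, incentives, costs and success probabilities are constructed, and the inferred attacker strategy is the Nash equilibrium (pure if one exists, otherwise the 2x2 mixed equilibrium).

```python
"""Toy incentive-based attacker/defender game (constructed instance, not the paper's case study)."""
from itertools import product

# Constructed attacker options: incentive = payoff if the attack succeeds, cost = attacker's effort.
ATTACKS = {"exploit_db": {"incentive": 10.0, "cost": 5.0},
           "phish_admin": {"incentive": 8.0, "cost": 3.0}}
# Constructed defender options and what each costs the defender to deploy.
DEFENSES = {"harden_db": 1.5, "train_staff": 0.5}
# Constructed probability that attack a succeeds when the defender plays d.
SUCCESS = {("exploit_db", "harden_db"): 0.2, ("exploit_db", "train_staff"): 0.8,
           ("phish_admin", "harden_db"): 0.7, ("phish_admin", "train_staff"): 0.2}

def attacker_utility(a, d):
    """Utility integrates incentive and cost: expected gain minus the attacker's cost."""
    return SUCCESS[(a, d)] * ATTACKS[a]["incentive"] - ATTACKS[a]["cost"]

def defender_utility(a, d):
    """Defender bears the expected loss (taken equal to the attacker's gain) plus the defense cost."""
    return -SUCCESS[(a, d)] * ATTACKS[a]["incentive"] - DEFENSES[d]

def pure_equilibria():
    """Pairs (a, d) where each side's choice is a best response to the other's choice."""
    eqs = []
    for a, d in product(ATTACKS, DEFENSES):
        a_best = max(attacker_utility(x, d) for x in ATTACKS)
        d_best = max(defender_utility(a, y) for y in DEFENSES)
        if attacker_utility(a, d) == a_best and defender_utility(a, d) == d_best:
            eqs.append((a, d))
    return eqs

def mixed_equilibrium():
    """2x2 mixed equilibrium: each player's mix makes the other indifferent between its options.
    Returns ({attack: prob}, {defense: prob}); the attacker mix is the inferred strategy."""
    (a1, a2), (d1, d2) = list(ATTACKS), list(DEFENSES)
    u, v = attacker_utility, defender_utility
    den_p = v(a1, d1) - v(a2, d1) - v(a1, d2) + v(a2, d2)
    den_q = u(a1, d1) - u(a1, d2) - u(a2, d1) + u(a2, d2)
    if den_p == 0 or den_q == 0:
        raise ValueError("degenerate game: no unique totally mixed equilibrium")
    p = (v(a2, d2) - v(a2, d1)) / den_p   # P(attacker plays a1), from defender indifference
    q = (u(a2, d2) - u(a1, d2)) / den_q   # P(defender plays d1), from attacker indifference
    return {a1: p, a2: 1 - p}, {d1: q, d2: 1 - q}

def infer_attacker_strategy():
    """Inference step: pure equilibrium strategy if one exists, otherwise the equilibrium mix."""
    pure = pure_equilibria()
    if pure:
        return {a: 1.0 if a == pure[0][0] else 0.0 for a in ATTACKS}
    return mixed_equilibrium()[0]

if __name__ == "__main__":
    print("pure equilibria:", pure_equilibria())
    print("inferred attacker strategy:", infer_attacker_strategy())
```

On this instance no pure equilibrium exists (each side's best response undoes the other's), so the inferred strategy is a mix, which is what tells the defender how to split hardening effort rather than betting on one attack.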