Mitigating covert compromises: A game-theoretic model of targeted and non-targeted covert attacks

Aron Laszka, Benjamin Johnson, Jens Grossklags

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

15 Citations (Scopus)

Abstract

Attackers of computing resources increasingly aim to keep security compromises hidden from defenders in order to extract more value over a longer period of time. These covert attacks come in multiple varieties, which can be categorized into two main types: targeted and non-targeted attacks. Targeted attacks include, for example, cyberespionage, while non-targeted attacks include botnet recruitment. We are concerned with the subclass of these attacks for which detection is too costly or technically infeasible given the capabilities of a typical organization. As a result, defenders have to mitigate potential damages under a regime of incomplete information. A primary mitigation strategy is to reset potentially compromised resources to a known safe state, for example, by reinstalling computer systems, and changing passwords or cryptographic private keys. In a game-theoretic framework, we study the economically optimal mitigation strategies in the presence of targeted and non-targeted covert attacks. Our work has practical implications for the definition of security policies, in particular, for password and key renewal schedules.

Original language: English (US)
Title of host publication: Web and Internet Economics - 9th International Conference, WINE 2013, Proceedings
Pages: 319-332
Number of pages: 14
DOI: https://doi.org/10.1007/978-3-642-45046-4_26
State: Published - Dec 1 2013
Event: 9th International Conference on Web and Internet Economics, WINE 2013 - Cambridge, MA, United States
Duration: Dec 11 2013 to Dec 14 2013

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 8289 LNCS
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349

Other

Other: 9th International Conference on Web and Internet Economics, WINE 2013
Country: United States
City: Cambridge, MA
Period: 12/11/13 to 12/14/13

Fingerprint

Computer systems
Attack
Game
Password
Model
Resources
Security Policy
Renewal
Incomplete Information
Optimal Strategy
Period of time
Botnet
Schedule
Damage
Computing

All Science Journal Classification (ASJC) codes

  • Theoretical Computer Science
  • Computer Science(all)

Cite this

Laszka, A., Johnson, B., & Grossklags, J. (2013). Mitigating covert compromises: A game-theoretic model of targeted and non-targeted covert attacks. In Web and Internet Economics - 9th International Conference, WINE 2013, Proceedings (pp. 319-332). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 8289 LNCS). https://doi.org/10.1007/978-3-642-45046-4_26
@inproceedings{5bbacfc3ae5a408eb6e25a6fd8511e21,
title = "Mitigating covert compromises: A game-theoretic model of targeted and non-targeted covert attacks",
author = "Aron Laszka and Benjamin Johnson and Jens Grossklags",
year = "2013",
month = "12",
day = "1",
doi = "10.1007/978-3-642-45046-4_26",
language = "English (US)",
isbn = "9783642450457",
series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",
pages = "319--332",
booktitle = "Web and Internet Economics - 9th International Conference, WINE 2013, Proceedings",

}


TY - GEN

T1 - Mitigating covert compromises

T2 - A game-theoretic model of targeted and non-targeted covert attacks

AU - Laszka, Aron

AU - Johnson, Benjamin

AU - Grossklags, Jens

PY - 2013/12/1

Y1 - 2013/12/1

UR - http://www.scopus.com/inward/record.url?scp=84893093420&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84893093420&partnerID=8YFLogxK

U2 - 10.1007/978-3-642-45046-4_26

DO - 10.1007/978-3-642-45046-4_26

M3 - Conference contribution

AN - SCOPUS:84893093420

SN - 9783642450457

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 319

EP - 332

BT - Web and Internet Economics - 9th International Conference, WINE 2013, Proceedings

ER -
