Optimal cyber-defense strategies for advanced persistent threats: A game theoretical analysis

Jeffrey Acquaviva, Mark Mahon, Bruce Einfalt, Thomas F. La Porta

Research output: Chapter in Book/Report/Conference proceeding - Conference contribution

1 Citation (Scopus)

Abstract

We introduce a novel mathematical model that treats network security as a game between cyber attackers and network administrators. The model takes the form of a zero-sum repeated game where each sub-game corresponds to a possible state of the attacker. Our formulation views state as the set of compromised edges in a graph, as opposed to the more traditional node-based view. This provides a more expressive model since it allows the defender to anticipate the direction of attack. Both players move independently and in continuous time, allowing for the possibility of one player moving several times before the other does. This model shows that defense-in-depth is not always a rational strategy for budget-constrained network administrators. Furthermore, a defender can dissuade a rational attacker from attempting to attack a network if the defense budget is sufficiently high. This means that a network administrator does not need to make their system completely free of vulnerabilities; they only need to ensure that the penalties for being caught outweigh the potential rewards gained.

Original language: English (US)
Title of host publication: Proceedings - 2017 IEEE 36th International Symposium on Reliable Distributed Systems, SRDS 2017
Publisher: IEEE Computer Society
Pages: 204-213
Number of pages: 10
ISBN (Electronic): 9781538616796
DOI: 10.1109/SRDS.2017.29
State: Published - Oct 13 2017
Event: 36th IEEE International Symposium on Reliable Distributed Systems, SRDS 2017 - Hong Kong, Hong Kong
Duration: Sep 26 2017 to Sep 29 2017

Publication series

Name: Proceedings of the IEEE Symposium on Reliable Distributed Systems
Volume: 2017-September
ISSN (Print): 1060-9857

Other

Other: 36th IEEE International Symposium on Reliable Distributed Systems, SRDS 2017
Country: Hong Kong
City: Hong Kong
Period: 9/26/17 to 9/29/17

Fingerprint

Theoretical Analysis
Game
Network security
Attack
Repeated Games
Zero sum game
Network Security
Vulnerability
Reward
Mathematical models
Penalty
Continuous Time
Model
Mathematical Model
Strategy
Formulation
Graph in graph theory
Vertex of a graph

All Science Journal Classification (ASJC) codes

  • Software
  • Theoretical Computer Science
  • Hardware and Architecture
  • Computer Networks and Communications

Cite this

Acquaviva, J., Mahon, M., Einfalt, B., & La Porta, T. F. (2017). Optimal cyber-defense strategies for advanced persistent threats: A game theoretical analysis. In Proceedings - 2017 IEEE 36th International Symposium on Reliable Distributed Systems, SRDS 2017 (pp. 204-213). [8069083] (Proceedings of the IEEE Symposium on Reliable Distributed Systems; Vol. 2017-September). IEEE Computer Society. https://doi.org/10.1109/SRDS.2017.29
Acquaviva, Jeffrey ; Mahon, Mark ; Einfalt, Bruce ; La Porta, Thomas F. / Optimal cyber-defense strategies for advanced persistent threats : A game theoretical analysis. Proceedings - 2017 IEEE 36th International Symposium on Reliable Distributed Systems, SRDS 2017. IEEE Computer Society, 2017. pp. 204-213 (Proceedings of the IEEE Symposium on Reliable Distributed Systems).
@inproceedings{cc39b0627a314d4f89eee3478cbc0e60,
title = "Optimal cyber-defense strategies for advanced persistent threats: A game theoretical analysis",
abstract = "We introduce a novel mathematical model that treats network security as a game between cyber attackers and network administrators. The model takes the form of a zero-sum repeated game where each sub-game corresponds to a possible state of the attacker. Our formulation views state as the set of compromised edges in a graph, as opposed to the more traditional node-based view. This provides a more expressive model since it allows the defender to anticipate the direction of attack. Both players move independently and in continuous time, allowing for the possibility of one player moving several times before the other does. This model shows that defense-in-depth is not always a rational strategy for budget-constrained network administrators. Furthermore, a defender can dissuade a rational attacker from attempting to attack a network if the defense budget is sufficiently high. This means that a network administrator does not need to make their system completely free of vulnerabilities; they only need to ensure that the penalties for being caught outweigh the potential rewards gained.",
author = "Jeffrey Acquaviva and Mark Mahon and Bruce Einfalt and {La Porta}, {Thomas F.}",
year = "2017",
month = "10",
day = "13",
doi = "10.1109/SRDS.2017.29",
language = "English (US)",
series = "Proceedings of the IEEE Symposium on Reliable Distributed Systems",
publisher = "IEEE Computer Society",
pages = "204--213",
booktitle = "Proceedings - 2017 IEEE 36th International Symposium on Reliable Distributed Systems, SRDS 2017",
address = "United States",
}

Acquaviva, J, Mahon, M, Einfalt, B & La Porta, TF 2017, Optimal cyber-defense strategies for advanced persistent threats: A game theoretical analysis. in Proceedings - 2017 IEEE 36th International Symposium on Reliable Distributed Systems, SRDS 2017., 8069083, Proceedings of the IEEE Symposium on Reliable Distributed Systems, vol. 2017-September, IEEE Computer Society, pp. 204-213, 36th IEEE International Symposium on Reliable Distributed Systems, SRDS 2017, Hong Kong, Hong Kong, 9/26/17. https://doi.org/10.1109/SRDS.2017.29

Optimal cyber-defense strategies for advanced persistent threats : A game theoretical analysis. / Acquaviva, Jeffrey; Mahon, Mark; Einfalt, Bruce; La Porta, Thomas F.

Proceedings - 2017 IEEE 36th International Symposium on Reliable Distributed Systems, SRDS 2017. IEEE Computer Society, 2017. p. 204-213 8069083 (Proceedings of the IEEE Symposium on Reliable Distributed Systems; Vol. 2017-September).

TY - GEN

T1 - Optimal cyber-defense strategies for advanced persistent threats

T2 - A game theoretical analysis

AU - Acquaviva, Jeffrey

AU - Mahon, Mark

AU - Einfalt, Bruce

AU - La Porta, Thomas F.

PY - 2017/10/13

Y1 - 2017/10/13

N2 - We introduce a novel mathematical model that treats network security as a game between cyber attackers and network administrators. The model takes the form of a zero-sum repeated game where each sub-game corresponds to a possible state of the attacker. Our formulation views state as the set of compromised edges in a graph, as opposed to the more traditional node-based view. This provides a more expressive model since it allows the defender to anticipate the direction of attack. Both players move independently and in continuous time, allowing for the possibility of one player moving several times before the other does. This model shows that defense-in-depth is not always a rational strategy for budget-constrained network administrators. Furthermore, a defender can dissuade a rational attacker from attempting to attack a network if the defense budget is sufficiently high. This means that a network administrator does not need to make their system completely free of vulnerabilities; they only need to ensure that the penalties for being caught outweigh the potential rewards gained.

AB - We introduce a novel mathematical model that treats network security as a game between cyber attackers and network administrators. The model takes the form of a zero-sum repeated game where each sub-game corresponds to a possible state of the attacker. Our formulation views state as the set of compromised edges in a graph, as opposed to the more traditional node-based view. This provides a more expressive model since it allows the defender to anticipate the direction of attack. Both players move independently and in continuous time, allowing for the possibility of one player moving several times before the other does. This model shows that defense-in-depth is not always a rational strategy for budget-constrained network administrators. Furthermore, a defender can dissuade a rational attacker from attempting to attack a network if the defense budget is sufficiently high. This means that a network administrator does not need to make their system completely free of vulnerabilities; they only need to ensure that the penalties for being caught outweigh the potential rewards gained.

UR - http://www.scopus.com/inward/record.url?scp=85038081238&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85038081238&partnerID=8YFLogxK

U2 - 10.1109/SRDS.2017.29

DO - 10.1109/SRDS.2017.29

M3 - Conference contribution

AN - SCOPUS:85038081238

T3 - Proceedings of the IEEE Symposium on Reliable Distributed Systems

SP - 204

EP - 213

BT - Proceedings - 2017 IEEE 36th International Symposium on Reliable Distributed Systems, SRDS 2017

PB - IEEE Computer Society

ER -

Acquaviva J, Mahon M, Einfalt B, La Porta TF. Optimal cyber-defense strategies for advanced persistent threats: A game theoretical analysis. In Proceedings - 2017 IEEE 36th International Symposium on Reliable Distributed Systems, SRDS 2017. IEEE Computer Society. 2017. p. 204-213. 8069083. (Proceedings of the IEEE Symposium on Reliable Distributed Systems). https://doi.org/10.1109/SRDS.2017.29