A dynamic games approach to proactive defense strategies against Advanced Persistent Threats in cyber-physical systems

Linan Huang, Quanyan Zhu

Research output: Contribution to journal (Article)

Abstract

Advanced Persistent Threats (APTs) have recently emerged as a significant security challenge for a cyber-physical system due to their stealthy, dynamic and adaptive nature. Proactive dynamic defenses provide a strategic and holistic security mechanism to increase the costs of attacks and mitigate the risks. This work proposes a dynamic game framework to model a long-term interaction between a stealthy attacker and a proactive defender. The stealthy and deceptive behaviors are captured by the multi-stage game of incomplete information, where each player has his own private information unknown to the other. Both players act strategically according to their beliefs which are formed by the multi-stage observation and learning. The perfect Bayesian Nash equilibrium provides a useful prediction of both players’ policies because no players benefit from unilateral deviations from the equilibrium. We propose an iterative algorithm to compute the perfect Bayesian Nash equilibrium and use the Tennessee Eastman process as a benchmark case study. Our numerical experiment corroborates the analytical results and provides further insights into the design of proactive defense-in-depth strategies.

Original language: English (US)
Article number: 101660
Journal: Computers and Security
Volume: 89
DOI: 10.1016/j.cose.2019.101660
State: Published - Feb 2020

Keywords

  • Advanced persistent threats
  • Cyber deception
  • Defense in depth
  • Industrial control system security
  • Multi-stage Bayesian game
  • Perfect Bayesian Nash equilibrium
  • Proactive defense
  • Tennessee Eastman process

ASJC Scopus subject areas

  • Computer Science(all)
  • Law

Cite this

@article{8059404188bf434f9c897f25055eb603,
title = "A dynamic games approach to proactive defense strategies against Advanced Persistent Threats in cyber-physical systems",
abstract = "Advanced Persistent Threats (APTs) have recently emerged as a significant security challenge for a cyber-physical system due to their stealthy, dynamic and adaptive nature. Proactive dynamic defenses provide a strategic and holistic security mechanism to increase the costs of attacks and mitigate the risks. This work proposes a dynamic game framework to model a long-term interaction between a stealthy attacker and a proactive defender. The stealthy and deceptive behaviors are captured by the multi-stage game of incomplete information, where each player has his own private information unknown to the other. Both players act strategically according to their beliefs which are formed by the multi-stage observation and learning. The perfect Bayesian Nash equilibrium provides a useful prediction of both players’ policies because no players benefit from unilateral deviations from the equilibrium. We propose an iterative algorithm to compute the perfect Bayesian Nash equilibrium and use the Tennessee Eastman process as a benchmark case study. Our numerical experiment corroborates the analytical results and provides further insights into the design of proactive defense-in-depth strategies.",
keywords = "Advanced persistent threats, Cyber deception, Defense in depth, Industrial control system security, Multi-stage Bayesian game, Perfect Bayesian Nash equilibrium, Proactive defense, Tennessee Eastman process",
author = "Linan Huang and Quanyan Zhu",
year = "2020",
month = "2",
doi = "10.1016/j.cose.2019.101660",
language = "English (US)",
volume = "89",
journal = "Computers and Security",
issn = "0167-4048",
publisher = "Elsevier Limited",

}
