Adaptive strategic cyber defense for advanced persistent threats in critical infrastructure networks

Linan Huang, Quanyan Zhu

Research output: Contribution to journalConference article

Abstract

Advanced Persistent Threats (APTs) have created new security challenges for critical infrastructures due to their stealthy, dynamic, and adaptive natures. In this work, we aim to lay a game-theoretic foundation by establishing a multi-stage Bayesian game framework to capture incomplete information of deceptive APTs and their multistage multi-phase movement. The analysis of the perfect Bayesian Nash equilibrium (PBNE) enables a prediction of attacker's behaviors and a design of defensive strategies that can deter the adversaries and mitigate the security risks. A conjugate-prior method allows online computation of the belief and reduces Bayesian update into an iterative parameter update. The forwardly updated parameters are assimilated into the backward dynamic programming computation to characterize a computationally tractable and time-consistent equilibrium solution based on the expanded state space. The Tennessee Eastman (TE) process control problem is used as a case study to demonstrate the dynamic game under the information asymmetry and show that APTs tend to be stealthy and deceptive during their transitions in the cyber layer and behave aggressively when reaching the targeted physical plant. The online update of the belief allows the defender to learn the behavior of the attacker and choose strategic defensive actions that can thwart adversarial behaviors and mitigate APTs. Numerical results illustrate the defender's tradeoff between the immediate reward and the future expectation as well as the attacker's goal to reach an advantageous system state while making the defender form a positive belief.

Original languageEnglish (US)
Pages (from-to)52-56
Number of pages5
JournalPerformance Evaluation Review
Volume46
Issue number2
DOIs
StatePublished - Jan 17 2019
Event2018 Workshop on MAthematical Performance Modeling and Analysis, MAMA 2018 and Workshop on Critical Infrastructure Network Security, CINS 2018 - Irvine, United States
Duration: Jun 1 2018 → …

Fingerprint

Critical infrastructures
Dynamic programming
Process control

ASJC Scopus subject areas

  • Software
  • Hardware and Architecture
  • Computer Networks and Communications

Cite this

Adaptive strategic cyber defense for advanced persistent threats in critical infrastructure networks. / Huang, Linan; Zhu, Quanyan.

In: Performance Evaluation Review, Vol. 46, No. 2, 17.01.2019, p. 52-56.

Research output: Contribution to journalConference article

@article{4c5f61dd3bad4970b2d32ef1150cdc3d,
title = "Adaptive strategic cyber defense for advanced persistent threats in critical infrastructure networks",
abstract = "Advanced Persistent Threats (APTs) have created new security challenges for critical infrastructures due to their stealthy, dynamic, and adaptive natures. In this work, we aim to lay a game-theoretic foundation by establishing a multi-stage Bayesian game framework to capture incomplete information of deceptive APTs and their multistage multi-phase movement. The analysis of the perfect Bayesian Nash equilibrium (PBNE) enables a prediction of attacker's behaviors and a design of defensive strategies that can deter the adversaries and mitigate the security risks. A conjugate-prior method allows online computation of the belief and reduces Bayesian update into an iterative parameter update. The forwardly updated parameters are assimilated into the backward dynamic programming computation to characterize a computationally tractable and time-consistent equilibrium solution based on the expanded state space. The Tennessee Eastman (TE) process control problem is used as a case study to demonstrate the dynamic game under the information asymmetry and show that APTs tend to be stealthy and deceptive during their transitions in the cyber layer and behave aggressively when reaching the targeted physical plant. The online update of the belief allows the defender to learn the behavior of the attacker and choose strategic defensive actions that can thwart adversarial behaviors and mitigate APTs. Numerical results illustrate the defender's tradeoff between the immediate reward and the future expectation as well as the attacker's goal to reach an advantageous system state while making the defender form a positive belief.",
author = "Linan Huang and Quanyan Zhu",
year = "2019",
month = "1",
day = "17",
doi = "10.1145/3305218.3305239",
language = "English (US)",
volume = "46",
pages = "52--56",
journal = "Performance Evaluation Review",
issn = "0163-5999",
publisher = "Association for Computing Machinery (ACM)",
number = "2",

}

TY - JOUR

T1 - Adaptive strategic cyber defense for advanced persistent threats in critical infrastructure networks

AU - Huang, Linan

AU - Zhu, Quanyan

PY - 2019/1/17

Y1 - 2019/1/17

N2 - Advanced Persistent Threats (APTs) have created new security challenges for critical infrastructures due to their stealthy, dynamic, and adaptive natures. In this work, we aim to lay a game-theoretic foundation by establishing a multi-stage Bayesian game framework to capture incomplete information of deceptive APTs and their multistage multi-phase movement. The analysis of the perfect Bayesian Nash equilibrium (PBNE) enables a prediction of attacker's behaviors and a design of defensive strategies that can deter the adversaries and mitigate the security risks. A conjugate-prior method allows online computation of the belief and reduces Bayesian update into an iterative parameter update. The forwardly updated parameters are assimilated into the backward dynamic programming computation to characterize a computationally tractable and time-consistent equilibrium solution based on the expanded state space. The Tennessee Eastman (TE) process control problem is used as a case study to demonstrate the dynamic game under the information asymmetry and show that APTs tend to be stealthy and deceptive during their transitions in the cyber layer and behave aggressively when reaching the targeted physical plant. The online update of the belief allows the defender to learn the behavior of the attacker and choose strategic defensive actions that can thwart adversarial behaviors and mitigate APTs. Numerical results illustrate the defender's tradeoff between the immediate reward and the future expectation as well as the attacker's goal to reach an advantageous system state while making the defender form a positive belief.

AB - Advanced Persistent Threats (APTs) have created new security challenges for critical infrastructures due to their stealthy, dynamic, and adaptive natures. In this work, we aim to lay a game-theoretic foundation by establishing a multi-stage Bayesian game framework to capture incomplete information of deceptive APTs and their multistage multi-phase movement. The analysis of the perfect Bayesian Nash equilibrium (PBNE) enables a prediction of attacker's behaviors and a design of defensive strategies that can deter the adversaries and mitigate the security risks. A conjugate-prior method allows online computation of the belief and reduces Bayesian update into an iterative parameter update. The forwardly updated parameters are assimilated into the backward dynamic programming computation to characterize a computationally tractable and time-consistent equilibrium solution based on the expanded state space. The Tennessee Eastman (TE) process control problem is used as a case study to demonstrate the dynamic game under the information asymmetry and show that APTs tend to be stealthy and deceptive during their transitions in the cyber layer and behave aggressively when reaching the targeted physical plant. The online update of the belief allows the defender to learn the behavior of the attacker and choose strategic defensive actions that can thwart adversarial behaviors and mitigate APTs. Numerical results illustrate the defender's tradeoff between the immediate reward and the future expectation as well as the attacker's goal to reach an advantageous system state while making the defender form a positive belief.

UR - http://www.scopus.com/inward/record.url?scp=85061104210&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85061104210&partnerID=8YFLogxK

U2 - 10.1145/3305218.3305239

DO - 10.1145/3305218.3305239

M3 - Conference article

VL - 46

SP - 52

EP - 56

JO - Performance Evaluation Review

JF - Performance Evaluation Review

SN - 0163-5999

IS - 2

ER -