Game-theoretic approach to feedback-driven multi-stage moving target defense

Quanyan Zhu, Tamer Başar

Research output: Chapter in Book/Report/Conference proceeding: Conference contribution

Abstract

The static nature of computer networks allows malicious attackers to easily gather useful information about the network using network scanning and packet sniffing. The employment of secure perimeter firewalls and intrusion detection systems cannot fully protect the network from sophisticated attacks. As an alternative to the expensive and imperfect detection of attacks, it is possible to improve network security by manipulating the attack surface of the network in order to create a moving target defense. In this paper, we introduce a proactive defense scheme that dynamically alters the attack surface of the network to make it difficult for attackers to gather system information by increasing complexity and reducing its signatures. We use concepts from systems and control literature to design an optimal and efficient multi-stage defense mechanism based on a feedback information structure. The change of attack surface involves a reconfiguration cost and a utility gain resulting from risk reduction. We use information- and control-theoretic tools to provide closed-form optimal randomization strategies. The results are corroborated by a case study and several numerical examples.

Original language: English (US)
Title of host publication: Decision and Game Theory for Security - 4th International Conference, GameSec 2013, Proceedings
Publisher: Springer Verlag
Pages: 246-263
Number of pages: 18
Volume: 8252 LNCS
ISBN (Print): 9783319027852
DOI: 10.1007/978-3-319-02786-9_15
State: Published - 2013
Event: 4th International Conference on Decision and Game Theory for Security, GameSec 2013 - Fort Worth, TX, United States
Duration: Nov 11 2013 to Nov 12 2013

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 8252 LNCS
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349

Other

Other: 4th International Conference on Decision and Game Theory for Security, GameSec 2013
Country: United States
City: Fort Worth, TX
Period: 11/11/13 to 11/12/13

Fingerprint

Moving Target
Attack
Game
Feedback
Network security
Information use
Intrusion detection
Computer networks
Information systems
Firewall
Information Structure
Scanning
Perimeter
Reconfiguration
Randomisation
Imperfect
Closed-form

ASJC Scopus subject areas

  • Computer Science(all)
  • Theoretical Computer Science

Cite this

Zhu, Q., & Başar, T. (2013). Game-theoretic approach to feedback-driven multi-stage moving target defense. In Decision and Game Theory for Security - 4th International Conference, GameSec 2013, Proceedings (Vol. 8252 LNCS, pp. 246-263). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 8252 LNCS). Springer Verlag. https://doi.org/10.1007/978-3-319-02786-9_15

Game-theoretic approach to feedback-driven multi-stage moving target defense. / Zhu, Quanyan; Başar, Tamer.

Decision and Game Theory for Security - 4th International Conference, GameSec 2013, Proceedings. Vol. 8252 LNCS Springer Verlag, 2013. p. 246-263 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 8252 LNCS).


Zhu, Q & Başar, T 2013, Game-theoretic approach to feedback-driven multi-stage moving target defense. in Decision and Game Theory for Security - 4th International Conference, GameSec 2013, Proceedings. vol. 8252 LNCS, Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 8252 LNCS, Springer Verlag, pp. 246-263, 4th International Conference on Decision and Game Theory for Security, GameSec 2013, Fort Worth, TX, United States, 11/11/13. https://doi.org/10.1007/978-3-319-02786-9_15

Zhu Q, Başar T. Game-theoretic approach to feedback-driven multi-stage moving target defense. In Decision and Game Theory for Security - 4th International Conference, GameSec 2013, Proceedings. Vol. 8252 LNCS. Springer Verlag. 2013. p. 246-263. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). https://doi.org/10.1007/978-3-319-02786-9_15

Zhu, Quanyan ; Başar, Tamer. / Game-theoretic approach to feedback-driven multi-stage moving target defense. Decision and Game Theory for Security - 4th International Conference, GameSec 2013, Proceedings. Vol. 8252 LNCS Springer Verlag, 2013. pp. 246-263 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).
@inproceedings{fa342f9edc654130a21e262d0e6d08e7,
title = "Game-theoretic approach to feedback-driven multi-stage moving target defense",
abstract = "The static nature of computer networks allows malicious attackers to easily gather useful information about the network using network scanning and packet sniffing. The employment of secure perimeter firewalls and intrusion detection systems cannot fully protect the network from sophisticated attacks. As an alternative to the expensive and imperfect detection of attacks, it is possible to improve network security by manipulating the attack surface of the network in order to create a moving target defense. In this paper, we introduce a proactive defense scheme that dynamically alters the attack surface of the network to make it difficult for attackers to gather system information by increasing complexity and reducing its signatures. We use concepts from systems and control literature to design an optimal and efficient multi-stage defense mechanism based on a feedback information structure. The change of attack surface involves a reconfiguration cost and a utility gain resulting from risk reduction. We use information- and control-theoretic tools to provide closed-form optimal randomization strategies. The results are corroborated by a case study and several numerical examples.",
author = "Quanyan Zhu and Tamer Başar",
year = "2013",
doi = "10.1007/978-3-319-02786-9_15",
language = "English (US)",
isbn = "9783319027852",
volume = "8252 LNCS",
series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",
publisher = "Springer Verlag",
pages = "246--263",
booktitle = "Decision and Game Theory for Security - 4th International Conference, GameSec 2013, Proceedings",

}

TY - GEN

T1 - Game-theoretic approach to feedback-driven multi-stage moving target defense

AU - Zhu, Quanyan

AU - Başar, Tamer

PY - 2013

Y1 - 2013

N2 - The static nature of computer networks allows malicious attackers to easily gather useful information about the network using network scanning and packet sniffing. The employment of secure perimeter firewalls and intrusion detection systems cannot fully protect the network from sophisticated attacks. As an alternative to the expensive and imperfect detection of attacks, it is possible to improve network security by manipulating the attack surface of the network in order to create a moving target defense. In this paper, we introduce a proactive defense scheme that dynamically alters the attack surface of the network to make it difficult for attackers to gather system information by increasing complexity and reducing its signatures. We use concepts from systems and control literature to design an optimal and efficient multi-stage defense mechanism based on a feedback information structure. The change of attack surface involves a reconfiguration cost and a utility gain resulting from risk reduction. We use information- and control-theoretic tools to provide closed-form optimal randomization strategies. The results are corroborated by a case study and several numerical examples.

AB - The static nature of computer networks allows malicious attackers to easily gather useful information about the network using network scanning and packet sniffing. The employment of secure perimeter firewalls and intrusion detection systems cannot fully protect the network from sophisticated attacks. As an alternative to the expensive and imperfect detection of attacks, it is possible to improve network security by manipulating the attack surface of the network in order to create a moving target defense. In this paper, we introduce a proactive defense scheme that dynamically alters the attack surface of the network to make it difficult for attackers to gather system information by increasing complexity and reducing its signatures. We use concepts from systems and control literature to design an optimal and efficient multi-stage defense mechanism based on a feedback information structure. The change of attack surface involves a reconfiguration cost and a utility gain resulting from risk reduction. We use information- and control-theoretic tools to provide closed-form optimal randomization strategies. The results are corroborated by a case study and several numerical examples.

UR - http://www.scopus.com/inward/record.url?scp=84893401012&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84893401012&partnerID=8YFLogxK

U2 - 10.1007/978-3-319-02786-9_15

DO - 10.1007/978-3-319-02786-9_15

M3 - Conference contribution

AN - SCOPUS:84893401012

SN - 9783319027852

VL - 8252 LNCS

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 246

EP - 263

BT - Decision and Game Theory for Security - 4th International Conference, GameSec 2013, Proceedings

PB - Springer Verlag

ER -