Abstract
In multi-step attack-defense scenarios (MSADSs), each rational player (the attacker or the defender) tries to maximize his payoff, but uncertainty about his opponent prevents him from choosing suitable actions. The defender does not know the attacker's target list and may deploy unnecessary but costly defenses to protect machines that are not on it. Similarly, the attacker does not know which protections are deployed and may spend considerable time and effort on a well-protected machine. We develop a repeated two-way signaling game to model MSADSs on confidentiality, and show how to find the actions that maximize the expected payoffs through the equilibrium. In the proposed model, on receiving each intrusion detection system alert (i.e., a signal), the defender follows the equilibrium to gradually reduce the uncertainty about the attacker's targets and calculate the defenses that maximize his expected payoff.
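The defender's side of the loop described above, as an added illustration that is not the paper's model or code: each IDS alert updates a belief over candidate target lists, and the defense set with the highest expected payoff is recomputed. It assumes a non-strategic attacker with fixed alert likelihoods, so it is plain Bayesian updating rather than the equilibrium computation; all machines, costs, losses and probabilities are constructed.

```python
from itertools import combinations

# Constructed scenario (not from the paper): loss if a targeted machine is
# left undefended, and cost of deploying a defense on each machine.
LOSS = {"web": 2.0, "db": 10.0, "hr": 6.0}
COST = {"web": 1.0, "db": 3.0, "hr": 3.5}
# Candidate attacker target lists -> machines an attack on them must traverse.
PATHS = {
    ("db",): {"web", "db"},
    ("hr",): {"web", "hr"},
    ("db", "hr"): {"web", "db", "hr"},
}
P_ALERT_ON_PATH = 0.8   # assumed alert rate for a machine on the attack path
P_ALERT_OFF_PATH = 0.1  # assumed false-alert rate for a machine off the path


def update_belief(belief, alerted_machine):
    """Bayes update of P(target list) after one IDS alert on a machine."""
    weighted = {}
    for targets, p in belief.items():
        on_path = alerted_machine in PATHS[targets]
        weighted[targets] = p * (P_ALERT_ON_PATH if on_path else P_ALERT_OFF_PATH)
    total = sum(weighted.values())
    return {t: w / total for t, w in weighted.items()}


def expected_payoff(belief, defended):
    """Minus defense cost, minus expected loss on undefended targets."""
    cost = sum(COST[m] for m in defended)
    loss = sum(p * sum(LOSS[m] for m in targets if m not in defended)
               for targets, p in belief.items())
    return -cost - loss


def best_defense(belief):
    """Enumerate every defense set; return the one with the highest payoff."""
    machines = sorted(LOSS)
    candidates = [frozenset(c) for r in range(len(machines) + 1)
                  for c in combinations(machines, r)]
    return max(candidates, key=lambda d: expected_payoff(belief, d))


if __name__ == "__main__":
    belief = {t: 1 / len(PATHS) for t in PATHS}  # uniform prior
    print("prior", sorted(best_defense(belief)))
    for alert in ["web", "db"]:                  # constructed alert sequence
        belief = update_belief(belief, alert)
        print(alert, {t: round(p, 3) for t, p in belief.items()},
              sorted(best_defense(belief)))
```

The alert on `web` leaves the belief unchanged because every candidate path crosses it, while the alert on `db` shifts enough weight away from `hr` that defending it no longer pays for itself.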
Copyright information
© 2012 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Lin, J., Liu, P., Jing, J. (2012). Using Signaling Games to Model the Multi-step Attack-Defense Scenarios on Confidentiality. In: Grossklags, J., Walrand, J. (eds) Decision and Game Theory for Security. GameSec 2012. Lecture Notes in Computer Science, vol 7638. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-34266-0_7
DOI: https://doi.org/10.1007/978-3-642-34266-0_7
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-34265-3
Online ISBN: 978-3-642-34266-0
eBook Packages: Computer Science, Computer Science (R0)