Abstract
The security community has placed a significant emphasis on developing tools and techniques to address known security issues. Some examples of this emphasis include security tools such as anti-virus software and Intrusion Detection Systems (IDS). This reactive approach to security is effective against novice adversaries (i.e. script kiddies) because they typically use off-the-shelf tools and popular techniques to conduct their attacks. In contrast, the innovative adversaries often devise novel attack vectors and methodologies that can render reactive measures inadequate. These pioneering adversaries have continually pushed the security frontier forward and motivate a need for proactive security approaches. A proactive approach that we pursue in this research is actionable cyber-attack forecasting. The objectives of actionable cyber-attack forecasting are to learn an attacker’s behavioral model, to predict future attacks, and to select appropriate countermeasures. The computational complexity of analyzing attacker models has been an impediment to the realization of reliable cyber-attack forecasting. We address this complexity issue by developing adversary models and corresponding complexity reduction techniques. We then introduce a heuristic for learning behavioral models of potentially deceptive adversaries online. Last, we consider a capture-the-flag problem, formulate the problem as a cybersecurity game with asymmetric information, and demonstrate how the models and techniques developed in this paper can be used to forecast a cyber-attack and recommend appropriate countermeasures.
This research was supported by ARO/MURI Project W911NF-09-1-0553.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Alpcan, T., Basar, T.: An intrusion detection game with limited observations. In: Proc. of the 43rd IEEE Conference on Decision and Control (2004)
You, X., Shiyong, Z.: A kind of network security behavior model based on game theory. In: Proceedings of the Fourth International Conference on Parallel and Distributed Computing, Applications and Technologies (2003)
Doupé, A., Egele, M., Caillat, B., Stringhini, G., Yakin, G., Zand, A., Cavedon, L., Vigna, G.: Hit ’em where it hurts: a live security exercise on cyber situational awareness. In: Proceedings of the 27th Annual Computer Security Applications Conference, ACSAC 2011, pp. 51–61. ACM, New York (2011)
Aumann, R.J., Maschler, M.: Repeated Games with Incomplete Information. MIT Press (1995)
Jones, M., Shamma, J.S.: Policy improvement for repeated zero-sum games with asymmetric information. In: 51st IEEE Conference on Decision and Control (December 2012)
Domansky, V.C., Kreps, V.L.: Eventually revealing repeated games of incomplete information. International Journal of Game Theory 23, 89–109 (1994)
Kotsalis, G., Megretski, A., Dahleh, M.: Balanced Truncation for a Class of Stochastic Jump Linear Systems and Model Reduction of Hidden Markov Models. IEEE Transactions on Automatic Control 53 (2008)
Heur, M.: Optimal strategies for the uninformed player. International Journal of Game Theory 20, 33–51
Zamir, S.: On the relation between finitely and infinitely repeated games with incomplete information. International Journal of Game Theory 23, 179–198
Gilpin, A., Sandholm, T.: Solving two-person zero-sum repeated games of incomplete information. In: International Joint Conference on Autonomous Agents and Multiagent Systems, vol. 2, pp. 903–910 (2008)
Zamir, S.: Repeated games of incomplete information: Zero-sum. In: Handbook of Game Theory, vol. 1, pp. 109–154 (1999)
Aumann, R.: Mixed and behavior strategies in infinite extensive games. Princeton University (1961)
Ponssard, J., Sorin, S.: The l-p formulation of finite zero-sum games with incomplete information. International Journal of Game Theory 9, 99–105 (1999)
Blackwell, D.: An analog of the minimax theorem for vector payoffs. Pacific Journal of Mathematics 1956(1), 1–8 (1956)
Freund, Y., Schapire, R.E.: Game theory, on-line prediction and boosting. In: Proceedings of the Ninth Annual Conference on Computational Learning Theory, COLT 1996, pp. 325–332. ACM, New York (1996), http://doi.acm.org/10.1145/238061.238163
Rosenberg, D., Solan, E., Vieille, N.: Stochastic games with a single controller and incomplete information. Northwestern University, Center for Mathematical Studies in Economics and Management Science, Discussion Papers 1346 (May 2002)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2013 Springer International Publishing Switzerland
About this chapter
Cite this chapter
Jones, M., Kotsalis, G., Shamma, J.S. (2013). Cyber-Attack Forecast Modeling and Complexity Reduction Using a Game-Theoretic Framework. In: Tarraf, D. (eds) Control of Cyber-Physical Systems. Lecture Notes in Control and Information Sciences, vol 449. Springer, Heidelberg. https://doi.org/10.1007/978-3-319-01159-2_4
Download citation
DOI: https://doi.org/10.1007/978-3-319-01159-2_4
Publisher Name: Springer, Heidelberg
Print ISBN: 978-3-319-01158-5
Online ISBN: 978-3-319-01159-2
eBook Packages: EngineeringEngineering (R0)