Optimizing Active Cyber Defense

  • Wenlian Lu
  • Shouhuai Xu
  • Xinlei Yi
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8252)


Active cyber defense is one important defensive method for combating cyber attacks. Unlike traditional defensive methods such as firewall-based filtering and anti-malware tools, active cyber defense is based on spreading “white” or “benign” worms to combat the attackers’ malware (i.e., malicious worms) that also spreads over the network. In this paper, we initiate the study of optimal active cyber defense in the setting of strategic attackers and/or strategic defenders. Specifically, we investigate infinite-time horizon optimal control and fast optimal control for strategic defenders (who want to minimize their cost) against non-strategic attackers (who do not consider the issue of cost). We also investigate the Nash equilibria for strategic defenders and attackers. We discuss the cyber security meanings/implications of the theoretical results. Our study brings interesting open problems for future research.


Keywords: cyber security model, active cyber defense, optimization, epidemic model





Copyright information

© Springer International Publishing Switzerland 2013

Authors and Affiliations

  • Wenlian Lu (1, 2)
  • Shouhuai Xu (3)
  • Xinlei Yi (1)
  1. School of Mathematical Sciences, Fudan University, Shanghai, P.R. China
  2. Department of Computer Science, University of Warwick, Coventry, UK
  3. Department of Computer Science, University of Texas at San Antonio, San Antonio, USA
