Cyber Camouflage Games for Strategic Deception

  • Omkar Thakoor
  • Milind Tambe
  • Phebe Vayanos
  • Haifeng Xu
  • Christopher Kiekintveld
  • Fei Fang
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11836)

Abstract

The rapid increase in cybercrime, causing a reported annual economic loss of $600 billion (Lewis 2018), has prompted a critical need for effective cyber defense. Strategic criminals conduct network reconnaissance prior to executing attacks to avoid detection and establish situational awareness via scanning and fingerprinting tools. Cyber deception attempts to foil these reconnaissance efforts by camouflaging network and system attributes to disguise valuable information. Game-theoretic models can identify decisions about strategically deceiving attackers, subject to domain constraints. A key challenge in effectively deploying an optimal deceptive strategy is modeling the objectives and abilities of the attackers. To address this challenge, we present Cyber Camouflage Games (CCG), a general-sum game model that captures attackers who can be diversely equipped and motivated. We show that computing the optimal defender strategy is NP-hard even in the special case of unconstrained CCGs, and present an efficient approximate solution for it. We further provide an MILP formulation accelerated with cut-augmentation for the general constrained problem. Finally, we provide experimental evidence that our solution methods are efficient and effective.

Keywords

Game theory, Cyber deception, Optimization

Notes

Acknowledgements

This research was sponsored by the Army Research Office (grant W911NF-17-1-0370) and also in part by the National Science Foundation (grant IIS-1850477) and the Army Research Lab’s Cyber Security CRA (grant W911NF-13-2-00).

References

  1. Achleitner, S., La Porta, T., McDaniel, P., Sugrim, S., Krishnamurthy, S.V., Chadha, R.: Cyber deception: virtual networks to defend insider reconnaissance. In: Proceedings of the 8th ACM CCS International Workshop on Managing Insider Threats, pp. 57–68. ACM (2016)
  2. Albanese, M., Battista, E., Jajodia, S., Casola, V.: Manipulating the attacker’s view of a system’s attack surface. In: 2014 IEEE Conference on Communications and Network Security (CNS), pp. 472–480. IEEE (2014)
  3. Albanese, M., Battista, E., Jajodia, S.: Deceiving attackers by creating a virtual attack surface. In: Jajodia, S., Subrahmanian, V.S.S., Swarup, V., Wang, C. (eds.) Cyber Deception, pp. 169–201. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-32699-3_8
  4. Alpcan, T., Başar, T.: Network security: a decision and game-theoretic approach (2010)
  5. Arkin, O., Yarochkin, F.: A fuzzy approach to remote active operating system fingerprinting (2003). http://www.syssecurity.com/archive/papers/Xprobe2.pdf
  6. Auffret, P.: SinFP, unification of active and passive operating system fingerprinting. J. Comput. Virol. 6(3), 197–205 (2010). https://doi.org/10.1007/s11416-008-0107-z
  7. Berrueta, D.B.: A practical approach for defeating Nmap OS-fingerprinting (2003)
  8. Breton, M., Alj, A., Haurie, A.: Sequential Stackelberg equilibria in two-person games. J. Optim. Theory Appl. (1988). https://doi.org/10.1007/BF00939867
  9. Chadha, R., et al.: Cybervan: a cyber security virtual assured network testbed. In: MILCOM 2016–2016 IEEE Military Communications Conference (2016). https://doi.org/10.1109/MILCOM.2016.7795481
  10. De Gaspari, F., Jajodia, S., Mancini, L.V., Panico, A.: Ahead: a new architecture for active defense. In: Proceedings of the 2016 ACM Workshop on Automated Decision Making for Active Cyber Defense (2016)
  11. Durkota, K., Lisỳ, V., Bosanskỳ, B., Kiekintveld, C.: Optimal network security hardening using attack graph games. In: IJCAI (2015)
  12. Ferguson-Walter, K., LaFon, D., Shade, T.: Friend or faux: deception for cyber defense. J. Inf. Warfare 16, 28–42 (2017)
  13. Goel, V., Perlroth, N.: Yahoo Says 1 Billion User Accounts Were Hacked (2016). https://www.nytimes.com/2016/12/14/technology/yahoo-hack.html
  14. Guo, Q., Gan, J., Fang, F., Tran-Thanh, L., Tambe, M., An, B.: On the inducibility of Stackelberg equilibrium for security games. CoRR abs/1811.03823 (2018)
  15. Gutzmer, I.: Equifax Announces Cybersecurity Incident Involving Consumer Information (2017). https://investor.equifax.com/news-and-events/news/2017/09-07-2017-213000628
  16. Jiang, A.X., Chan, H., Leyton-Brown, K.: Resource graph games: a compact representation for games with structured strategy spaces. In: AAAI (2017)
  17. Joyce, R.: Disrupting nation state hackers. USENIX Association, San Francisco, CA (2016)
  18. Kiekintveld, C., Marecki, J., Tambe, M.: Approximation methods for infinite Bayesian Stackelberg games: modeling distributional payoff uncertainty. In: AAMAS (2011). http://dl.acm.org/citation.cfm?id=2034396.2034412
  19. Kiekintveld, C., Islam, T., Kreinovich, V.: Security games with interval uncertainty. In: AAMAS (2013)
  20. Laszka, A., Vorobeychik, Y., Koutsoukos, X.D.: Optimal personalized filtering against spear-phishing attacks. In: AAAI (2015)
  21. Lewis, J.: Economic impact of cybercrime (2018). https://www.csis.org/analysis/economic-impact-cybercrime
  22. Lyon, G.F.: Nmap network scanning: the official Nmap project guide to network discovery and security scanning (2009)
  23. MacFarland, D.C., Shue, C.A.: The SDN shuffle: creating a moving-target defense using host-based software-defined networking. In: Proceedings of the Second ACM Workshop on Moving Target Defense, pp. 37–41. ACM (2015)
  24. Mandiant: APT1: Exposing one of China’s cyber espionage units (2013)
  25. Nguyen, T.H., Yadav, A., An, B., Tambe, M., Boutilier, C.: Regret-based optimization and preference elicitation for Stackelberg security games with uncertainty. In: AAAI (2014). http://dl.acm.org/citation.cfm?id=2893873.2893991
  26. Peterson, A.: OPM says 5.6 million fingerprints stolen in cyberattack, five times as many as previously thought (2015). https://www.washingtonpost.com/news/the-switch/wp/2015/09/23/opm-now-says-more-than-five-million-fingerprints-compromised-in-breaches
  27. Pıbil, R., Lisỳ, V., Kiekintveld, C., Bošanskỳ, B., Pechoucek, M.: Game theoretic model of strategic honeypot selection in computer networks. In: Grossklags, J., Walrand, J. (eds.) GameSec 2012. LNCS, vol. 7638, pp. 201–220. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-34266-0_12
  28. Pita, J., Jain, M., Tambe, M., Ordóñez, F., Kraus, S.: Robust solutions to Stackelberg games. Artif. Intell. 174(15), 1142–1171 (2010). https://doi.org/10.1016/j.artint.2010.07.002
  29. Rahman, M.A., Manshaei, M.H., Al-Shaer, E.: A game-theoretic approach for deceiving remote operating system fingerprinting. In: 2013 IEEE Conference on Communications and Network Security (CNS), pp. 73–81 (2013)
  30. Schlenker, A., et al.: Don’t bury your head in warnings: a game-theoretic approach for intelligent allocation of cyber-security alerts (2017)
  31. Schlenker, A., et al.: Deceiving cyber adversaries: a game theoretic approach. In: AAMAS (2018). http://dl.acm.org/citation.cfm?id=3237383.3237833
  32. Serra, E., Jajodia, S., Pugliese, A., Rullo, A., Subrahmanian, V.: Pareto-optimal adversarial defense of enterprise systems. ACM Trans. Inf. Syst. Secur. (TISSEC) 17(3), 11 (2015)
  33. Sinha, A., Malo, P., Deb, K.: A review on bilevel optimization: from classical to evolutionary approaches and applications. IEEE Trans. Evol. Comput. 22(2), 276–295 (2018). https://doi.org/10.1109/TEVC.2017.2712906
  34. von Stengel, B., Zamir, S.: Leadership with commitment to mixed strategies. Technical report (2004)
  35. Tambe, M.: Security and game theory: algorithms, deployed systems, lessons learned (2011)
  36. Thinkst: Canary (2015). https://canary.tools/
  37. Tijs, S.H.: Nash equilibria for noncooperative n-person games in normal form. SIAM Rev. (1981). http://www.jstor.org/stable/2029993

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  • Omkar Thakoor (1)
  • Milind Tambe (1)
  • Phebe Vayanos (1)
  • Haifeng Xu (2)
  • Christopher Kiekintveld (3)
  • Fei Fang (4)

  1. University of Southern California, Los Angeles, USA
  2. University of Virginia, Charlottesville, USA
  3. University of Texas at El Paso, El Paso, USA
  4. Carnegie Mellon University, Pittsburgh, USA