Skip to main content

Optimal and Game-Theoretic Deployment of Security Investments in Interdependent Assets

Part of the Lecture Notes in Computer Science book series (LNSC,volume 9996)

Abstract

We introduce a game-theoretic framework to compute optimal and strategic security investments by multiple defenders. Each defender is responsible for the security of multiple assets, with the interdependencies between the assets captured by an interdependency graph. We formulate the problem of computing the optimal defense allocation by a single defender as a convex optimization problem, and establish the existence of a pure Nash equilibrium of the game between multiple defenders. We apply our proposed framework in two case studies on interdependent SCADA networks and distributed energy resources, respectively. In particular, we investigate the efficiency loss due to decentralized defense allocations.

Keywords

  • Nash Equilibrium
  • Defense Strategy
  • Social Optimum
  • Pure Nash Equilibrium
  • Generalize Nash Equilibrium

These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Ashish R. Hota is supported by a grant from the Purdue Research Foundation (PRF).

Abraham A. Clements is supported by Sandia National Laboratories. Sandia National Laboratories is a multi-program laboratory managed and operated by Sandia Corporation, a wholly owned subsidiary of Lockheed Martin Corporation, for the U.S. Department of Energy’s National Nuclear Security Administration under contract DE-AC04-94AL85000. SAND2016-8085C.

This is a preview of subscription content, access via your institution.

Buying options

Chapter
USD   29.95
Price excludes VAT (USA)
  • DOI: 10.1007/978-3-319-47413-7_6
  • Chapter length: 13 pages
  • Instant PDF download
  • Readable on all devices
  • Own it forever
  • Exclusive offer for individuals only
  • Tax calculation will be finalised during checkout
eBook
USD   64.99
Price excludes VAT (USA)
  • ISBN: 978-3-319-47413-7
  • Instant PDF download
  • Readable on all devices
  • Own it forever
  • Exclusive offer for individuals only
  • Tax calculation will be finalised during checkout
Softcover Book
USD   84.99
Price excludes VAT (USA)
Fig. 1.
Fig. 2.
Fig. 3.
Fig. 4.
Fig. 5.

Notes

  1. 1.

    If there are multiple entry points to the network, we can add a source node s and add edges from s to all entry points with attack probabilities equal to 1.

  2. 2.

    Interdependency graphs also capture essential features of attack graphs [3, 7] where the nodes represent intermediate steps in multi-stage attacks.

References

  1. Boyd, S., Vandenberghe, L.: Convex Optimization. Cambridge University Press, New York (2004)

    CrossRef  MATH  Google Scholar 

  2. Cook, W.J., Cunningham, W.H., Pulleyblank, W.R., Schrijver, A.: Combinatorial Optimization, vol. 605. Springer, Heidelberg (1998)

    MATH  Google Scholar 

  3. Durkota, K., Lisý, V., Bošanský, B., Kiekintveld, C.: Approximate solutions for attack graph games with imperfect information. In: Khouzani, M.H.R., Panaousis, E., Theodorakopoulos, G. (eds.) GameSec 2015. LNCS, vol. 9406, pp. 228–249. Springer, Heidelberg (2015). doi:10.1007/978-3-319-25594-1_13

    CrossRef  Google Scholar 

  4. Facchinei, F., Kanzow, C.: Generalized Nash equilibrium problems. Ann. Oper. Res. 175(1), 177–211 (2010)

    MathSciNet  CrossRef  MATH  Google Scholar 

  5. Fielder, A., Panaousis, E., Malacaria, P., Hankin, C., Smeraldi, F.: Game theory meets information security management. In: Cuppens-Boulahia, N., Cuppens, F., Jajodia, S., Abou El Kalam, A., Sans, T. (eds.) SEC 2014. IAICT, vol. 428, pp. 15–29. Springer, Heidelberg (2014). doi:10.1007/978-3-642-55415-5_2

    CrossRef  Google Scholar 

  6. Grant, M., Boyd, S., Ye, Y.: CVX: Matlab software for disciplined convex programming (2008)

    Google Scholar 

  7. Homer, J., Zhang, S., Ou, X., Schmidt, D., Du, Y., Rajagopalan, S.R., Singhal, A.: Aggregating vulnerability metrics in enterprise networks using attack graphs. J. Comput. Secur. 21(4), 561–597 (2013)

    CrossRef  Google Scholar 

  8. Israeli, E., Wood, R.K.: Shortest-path network interdiction. Networks 40(2), 97–111 (2002)

    MathSciNet  CrossRef  MATH  Google Scholar 

  9. Jain, M., Conitzer, V., Tambe, M.: Security scheduling for real-world networks. In: AAMAS, pp. 215–222 (2013)

    Google Scholar 

  10. Jajodia, S., Ghosh, A.K., Subrahmanian, V., Swarup, V., Wang, C., Wang, X.S.: Moving Target Defense II. Application of Game Theory and Adversarial Modeling. Advances in Information Security, vol. 100, p. 203. Springer, New York (2013)

    Google Scholar 

  11. Jauhar, S., Chen, B., Temple, W.G., Dong, X., Kalbarczyk, Z., Sanders, W.H., Nicol, D.M.: Model-based cybersecurity assessment with nescor smart grid failure scenarios. In: 21st Pacific Rim International Symposium on Dependable Computing, pp. 319–324. IEEE (2015)

    Google Scholar 

  12. Kundur, D., Feng, X., Liu, S., Zourntos, T., Butler-Purry, K.L.: Towards a framework for cyber attack impact analysis of the electric smart grid. In: IEEE SmartGridComm, pp. 244–249 (2010)

    Google Scholar 

  13. Laszka, A., Felegyhazi, M., Buttyan, L.: A survey of interdependent information security games. ACM Comput. Surv. (CSUR) 47(2), 23:1–23:38 (2014)

    CrossRef  Google Scholar 

  14. Letchford, J., Vorobeychik, Y.: Computing randomized security strategies in networked domains. In: Applied Adversarial Reasoning and Risk Modeling 2011, vol. 06 (2011)

    Google Scholar 

  15. Letchford, J., Vorobeychik, Y.: Optimal interdiction of attack plans. In: AAMAS, pp. 199–206 (2013)

    Google Scholar 

  16. Lou, J., Smith, A.M., Vorobeychik, Y.: Multidefender security games. arXiv preprint arXiv:1505.07548 (2015)

  17. Electric sector failure scenarios and impact analyses, National Electric Sector Cybersecurity Organization Resource, EPRI (2014)

    Google Scholar 

  18. Rosen, J.B.: Existence and uniqueness of equilibrium points for concave n-person games. Econometrica: J. Econometric Soc. 33(3), 520–534 (1965)

    MathSciNet  CrossRef  MATH  Google Scholar 

  19. Sreekumaran, H., Hota, A.R., Liu, A.L., Uhan, N.A., Sundaram, S.: Multi-agent decentralized network interdiction games. arXiv preprint arXiv:1503.01100 (2015)

  20. Stouffer, K.: Guide to industrial control systems (ICS) security. NIST special publication 800-82, 16-16 (2011)

    Google Scholar 

  21. Emerging threat: Dragonfly/Energetic Bear - APT Group (2014). http://www.symantec.com/connect/blogs/emerging-threat-dragonfly-energetic-bear-apt-group, Symantec Official Blog. Accessed 15 Aug 2016

  22. Tambe, M.: Security and Game Theory: Algorithms, Deployed Systems, Lessons Learned. Cambridge University Press, New York (2011)

    CrossRef  MATH  Google Scholar 

Download references

Author information

Authors and Affiliations

Authors

Corresponding author

Correspondence to Ashish R. Hota .

Editor information

Editors and Affiliations

Rights and permissions

Reprints and Permissions

Copyright information

© 2016 Springer International Publishing AG

About this paper

Cite this paper

Hota, A.R., Clements, A.A., Sundaram, S., Bagchi, S. (2016). Optimal and Game-Theoretic Deployment of Security Investments in Interdependent Assets. In: Zhu, Q., Alpcan, T., Panaousis, E., Tambe, M., Casey, W. (eds) Decision and Game Theory for Security. GameSec 2016. Lecture Notes in Computer Science(), vol 9996. Springer, Cham. https://doi.org/10.1007/978-3-319-47413-7_6

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-47413-7_6

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-47412-0

  • Online ISBN: 978-3-319-47413-7

  • eBook Packages: Computer ScienceComputer Science (R0)