Abstract
Large-scale networked systems, such as the power grid, are comprised of a large number of interconnected assets managed by multiple self-interested stakeholders. The interdependencies between the assets play a critical role in the security of the overall system, especially against strategic attackers who exploit these interdependencies to target valuable assets. In this work, we develop a general game-theoretic framework to model the security investments of resource-constrained stakeholders against targeted attacks. We consider two complementary problems: (i) where defenders are given a budget to minimize expected loss due to attacks and (ii) where defenders minimize security investment cost subject to a maximum security risk they are willing to tolerate per each valuable asset. For both problems, we establish the existence of Nash equilibria and show that the problem of computing the optimal defense allocation by a central authority and the (decentralized) problem of computing the best response for a single defender can be formulated as convex optimization problems. We then show that our framework can be applied to determine deployment of moving target defense (MTD) in networks. We first apply the game-theoretic framework on the IEEE 300 bus power grid network and compare the optimal expected loss (respectively, security investment cost) under centralized and Nash equilibrium defense allocations. We then show how our framework can be used to compute optimal deployment of MTD on an e-commerce system.
In a preliminary version of this work [20], we only investigated the security risk minimization game, and considered different sets of case studies.
Abraham Clements is supported by Sandia National Laboratories. Sandia National Laboratories is a multimission laboratory managed and operated by National Technology and Engineering Solutions of Sandia LLC, a wholly owned subsidiary of Honeywell International Inc. for the U.S. Department of Energy’s National Nuclear Security Administration under contract DE-NA0003525. SAND2017-10889 B.
This material is based in part upon work supported by the National Science Foundation under Grant Number CNS-1548114. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of the National Science Foundation.
References
Alpcan T, Başar T (2010) Network security: A decision and game-theoretic approach. Cambridge University Press
Amin S, Schwartz GA, Sastry SS (2013) Security of interdependent and identical networked control systems. Automatica 49(1):186–192
Antonatos S, Akritidis P, Markatos EP, Anagnostakis KG (2007) Defending against hitlist worms using network address space randomization. Computer Networks 51(12):3471–3490
Bagnoli M, Bergstrom T (2005) Log-concave probability and its applications. Economic Theory 26(2):445–469
Boyd S, Vandenberghe L (2004) Convex optimization. Cambridge University Press
Carroll TE, Crouse M, Fulp EW, Berenhaut KS (2014) Analysis of network address shuffling as a moving target defense. In: Communications (ICC), 2014 IEEE International Conference on, IEEE, pp 701–706
Christie R (1993) Power systems test case archives. URL https://goo.gl/1AOSXj, retrieved: 2017-06-07
Cook WJ, Cunningham WH, Pulleyblank WR, Schrijver A (1998) Combinatorial optimization, vol 605. Springer
Durkota K, Lisỳ V, Bošanskỳ B, Kiekintveld C (2015) Approximate solutions for attack graph games with imperfect information. In: Decision and Game Theory for Security, Springer, pp 228–249
Dutang C (2013) Existence theorems for generalized Nash equilibrium problems. Journal of Nonlinear Analysis and Optimization: Theory & Applications 4(2):115–126
Fudenberg D, Levine DK (1998) The theory of learning in games, vol 2. MIT Press
Gordon LA, Loeb MP (2002) The economics of information security investment. ACM Transactions on Information and System Security (TISSEC) 5(4):438–457
Grant M, Boyd S, Ye Y (2008) CVX: Matlab software for disciplined convex programming
Greenberg A (2017) ‘Crash Overdrive’: The malware that took down a power grid. URL http://bit.ly/2raojOf, Wired Magazine, retrieved: 2017-09-20
Gupta A, Schwartz G, Langbort C, Sastry SS, Basar T (2014) A three-stage Colonel Blotto game with applications to cyberphysical security. In: American Control Conference (ACC), 2014, IEEE, pp 3820–3825
Hogan WW (1973) Point-to-set maps in mathematical programming. SIAM Review 15(3):591–603
Homer J, Zhang S, Ou X, Schmidt D, Du Y, Rajagopalan SR, Singhal A (2013) Aggregating vulnerability metrics in enterprise networks using attack graphs. Journal of Computer Security 21(4):561–597
Hong JB, Kim DS (2016) Assessing the effectiveness of moving target defenses using security models. IEEE Transactions on Dependable and Secure Computing 13(2):163–177
Hota A, Sundaram S (2016) Interdependent security games on networks under behavioral probability weighting. IEEE Transactions on Control of Network Systems 5(1):262–273
Hota AR, Clements AA, Sundaram S, Bagchi S (2016) Optimal and game-theoretic deployment of security investments in interdependent assets. In: International Conference on Decision and Game Theory for Security, Springer, pp 101–113
Israeli E, Wood RK (2002) Shortest-path network interdiction. Networks 40(2):97–111
Jafarian JH, Al-Shaer E, Duan Q (2012) Openflow random host mutation: Transparent moving target defense using software defined networking. In: Proceedings of the first workshop on Hot topics in software defined networks, ACM, pp 127–132
Jajodia S, Ghosh AK, Subrahmanian V, Swarup V, Wang C, Wang XS (2013) Moving target defense II. Application of Game Theory and Adversarial Modeling Series: Advances in Information Security 100:203
Jiang L, Anantharam V, Walrand J (2011) How bad are selfish investments in network security? Networking, IEEE/ACM Transactions on 19(2):549–560
Kunreuther H, Heal G (2003) Interdependent security. Journal of risk and uncertainty 26(2–3):231–249
Laszka A, Felegyhazi M, Buttyan L (2014) A survey of interdependent information security games. ACM Computing Surveys (CSUR) 47(2):23:1–23:38
Letchford J, Vorobeychik Y (2013) Optimal interdiction of attack plans. In: AAMAS, pp 199–206
Lou J, Smith AM, Vorobeychik Y (2017) Multidefender security games. IEEE Intelligent Systems 32(1):50–60
Modelo-Howard G, Bagchi S, Lebanon G (2008) Determining placement of intrusion detectors for a distributed application through Bayesian network modeling. In: International Workshop on Recent Advances in Intrusion Detection, Springer, pp 271–290
Nzoukou W, Wang L, Jajodia S, Singhal A (2013) A unified framework for measuring a network’s mean time-to-compromise. In: Reliable Distributed Systems (SRDS), 2013 IEEE 32nd International Symposium on, IEEE, pp 215–224
Ok EA (2007) Real analysis with economic applications, vol 10. Princeton University Press
Okhravi H, Hobson T, Bigelow D, Streilein W (2014) Finding focus in the blur of moving-target techniques. IEEE Security & Privacy 12(2):16–26
Poolsappasit N, Dewri R, Ray I (2012) Dynamic security risk management using Bayesian attack graphs. IEEE Transactions on Dependable and Secure Computing 9(1):61–74
Roberson B (2006) The Colonel Blotto game. Economic Theory 29(1):1–24
Rosen JB (1965) Existence and uniqueness of equilibrium points for concave n-person games. Econometrica: Journal of the Econometric Society 33(3):520–534
Sanger DE, Perlroth N (2016) A new era of internet attacks powered by everyday devices. URL https://nyti.ms/2nsqrlT, The New York Times, retrieved: 2017-05-14
Schwartz G, Shetty N, Walrand J (2013) Why cyber-insurance contracts fail to reflect cyber-risks. In: Communication, Control, and Computing (Allerton), 2013 51st Annual Allerton Conference on, IEEE, pp 781–787
Sreekumaran H, Hota AR, Liu AL, Uhan NA, Sundaram S (2015) Multi-agent decentralized network interdiction games. arXiv preprint arxiv:150301100
Tambe M (2011) Security and game theory: Algorithms, deployed systems, lessons learned. Cambridge University Press
Van Dijk M, Juels A, Oprea A, Rivest RL (2013) Flipit: The game of “stealthy takeover”. Journal of Cryptology 26(4):655–713
Van Leeuwen B, Stout WM, Urias V (2015) Operational cost of deploying moving target defenses defensive work factors. In: Military Communications Conference, MILCOM 2015-2015 IEEE, IEEE, pp 966–971
Wang L, Noel S, Jajodia S (2006) Minimum-cost network hardening using attack graphs. Computer Communications 29(18):3812–3824
Wang L, Jajodia S, Singhal A, Cheng P, Noel S (2014) K-zero day safety: A network security metric for measuring the risk of unknown vulnerabilities. IEEE Transactions on Dependable and Secure Computing 11(1):30–44
Zhang M, Wang L, Jajodia S, Singhal A, Albanese M (2016) Network diversity: A security metric for evaluating the resilience of networks against zero-day attacks. IEEE Transactions on Information Forensics and Security 11(5):1071–1086
Acknowledgements
We thank Dr. Shaunak Bopardikar (United Technologies Research Center) and Dr. Pratyusha Manadhata (HP Labs) for fruitful discussions.
Chapter Appendix: Generalized Nash Equilibrium
In this section, we give a formal definition of a generalized Nash equilibrium (GNE) and state the required existence result that will be useful in our analysis. Let there be N players. The strategy set of player i is denoted as \(X_{i} \subseteq \mathbb{R}^{n_{i}}\). Let \(X := \prod_{i=1}^{N} X_{i}\), and \(X_{-i} := \prod_{j=1, j \neq i}^{N} X_{j}\). Let \(C_{i}: X_{-i} \rightarrow 2^{X_{i}}\) be the set-valued map or correspondence that defines the feasible strategy set for player i at a given strategy profile of all other players. Let \(f_{i}: X \rightarrow \mathbb{R}\) denote the cost function for player i. We denote this game as \(\Gamma(N, \{X_{i}\}, \{C_{i}\}, \{f_{i}\})\).
Definition 1.
A strategy profile x∗ ∈ X is a GNE of Γ(N, {Xi}, {Ci}, {fi}) if for every player i,
Our proof of GNE existence in this chapter is based on the following general result.
Theorem 1.
Consider the game Γ(N, {Xi}, {Ci}, {fi}). Assume for all players we have
1. \(X_{i}\) is a nonempty, convex, and compact subset of a Euclidean space,
2. \(C_{i}\) is both upper and lower semicontinuous,
3. \(C_{i}(x_{-i})\) is nonempty, closed, and convex for every \(x_{-i} \in X_{-i}\),
4. \(f_{i}\) is continuous on the graph of \(C_{i}\), and
5. \(f_{i}(x_{i}, x_{-i})\) is quasiconvex on \(C_{i}(x_{-i})\) for every \(x \in X\).
Then there exists a GNE.
The proof of the above theorem relies on the Kakutani fixed-point theorem and Berge’s maximum theorem and is presented in [10, Theorem 3.1].
In many applications, including the defense cost minimization game studied in this chapter, we encounter a parametrized constraint set, i.e., \(C_{i}(x_{-i}) = \{x_{i} \in X_{i} \mid g_{ij}(x_{i}, x_{-i}) \leq 0,\ j = \{1, 2, \ldots, m_{i}\}\}\). For this class of constraints, we have the following sufficient conditions for the upper and lower semicontinuity of \(C_{i}\) [16, Theorem 10,12].
Theorem 2.
Let \(C_{i}: X_{-i} \rightarrow 2^{X_{i}}\) be given by Ci(x−i) = {xi ∈ Xi | gij(xi, x−i) ≤ 0, j = {1, 2, …, mi}}.
1. Let \(X_{i} \subseteq \mathbb{R}^{n_{i}}\) be closed and all components \(g_{ij}\)’s be continuous on \(X\). Then, \(C_{i}\) is upper semicontinuous on \(X_{-i}\).
2. Let \(g_{ij}\)’s be continuous and convex in \(x_{i}\) for each \(x_{-i}\). If there exists \(\bar{x}\) such that \(g_{ij}(\bar{x}_{i},\bar{x}_{-i}) <0\) for all j, then \(C_{i}\) is lower semicontinuous at \(\bar{x}_{-i}\) and in some neighborhood of \(\bar{x}_{-i}\).
Remark 5.
Some authors use the term hemicontinuity instead of semicontinuity [31]. The definitions coincide for closed and compact-valued correspondences, which is the case here.
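The following is an added illustration, not code from the chapter: a two-defender cost-minimization game whose feasible sets have the parametrized form \(C_{i}(x_{-i}) = \{x_{i} \in X_{i} \mid g_{i}(x_{i}, x_{-i}) \leq 0\}\), solved by best-response iteration and then checked by brute force for unilateral deviations. The exponential attack-success model, the spillover `A`, the tolerances `TAU`, the bound `X_MAX`, and the linear cost \(f_{i}(x) = x_{i}\) are all assumptions made for the example.

```python
import math

# Constructed toy game (assumptions, not from the chapter): two defenders,
# each owns one asset; the attack on asset i succeeds with probability
# exp(-(x_i + A * x_j)), so the other defender's investment also helps.
A = 0.5               # assumed spillover between the two defenders
TAU = (0.05, 0.20)    # assumed risk tolerance of each defender
X_MAX = 10.0          # X_i = [0, X_MAX]: nonempty, convex, compact

def g(i, x):
    """Parametrized constraint g_i(x_i, x_-i) <= 0 defining C_i(x_-i)."""
    return math.exp(-(x[i] + A * x[1 - i])) - TAU[i]

def best_response(i, x):
    """Minimize the cost f_i(x) = x_i over C_i(x_-i)."""
    need = -math.log(TAU[i]) - A * x[1 - i]
    return min(max(need, 0.0), X_MAX)

def solve_gne(tol=1e-12, max_iter=1000):
    """Simultaneous best-response iteration until a fixed point is reached."""
    x = [0.0, 0.0]
    for _ in range(max_iter):
        new = [best_response(0, x), best_response(1, x)]
        if max(abs(a - b) for a, b in zip(new, x)) < tol:
            return new
        x = new
    raise RuntimeError("best-response iteration did not converge")

def is_gne(x, eps=1e-6, grid=20001):
    """Brute-force check: x_i is feasible and no cheaper feasible deviation exists."""
    for i in (0, 1):
        if g(i, x) > eps:
            return False
        for k in range(grid):
            cand = list(x)
            cand[i] = X_MAX * k / (grid - 1)
            if g(i, cand) <= 0 and cand[i] < x[i] - 1e-3:
                return False
    return True

if __name__ == "__main__":
    x_star = solve_gne()
    print("GNE investments:", [round(v, 4) for v in x_star])
    print("constraint values:", [g(i, x_star) for i in (0, 1)])
    print("is GNE:", is_gne(x_star))
```

Each \(g_{i}\) here is continuous and convex in \(x_{i}\), and \(x_{i} = X_{MAX}\) satisfies it strictly for any \(x_{-i}\), so the sufficient conditions of Theorem 2 hold for this toy instance.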
Copyright information
© 2018 National Technology & Engineering Solutions of Sandia, LLC
About this chapter
Cite this chapter
Hota, A.R., Clements, A.A., Bagchi, S., Sundaram, S. (2018). A Game-Theoretic Framework for Securing Interdependent Assets in Networks. In: Rass, S., Schauer, S. (eds) Game Theory for Security and Risk Management. Static & Dynamic Game Theory: Foundations & Applications. Birkhäuser, Cham. https://doi.org/10.1007/978-3-319-75268-6_7
DOI: https://doi.org/10.1007/978-3-319-75268-6_7
Publisher Name: Birkhäuser, Cham
Print ISBN: 978-3-319-75267-9
Online ISBN: 978-3-319-75268-6
eBook Packages: Mathematics and Statistics (R0)