Abstract
While the Internet of things (IoT) promises to improve areas such as energy efficiency, health care, and transportation, it is highly vulnerable to cyberattacks. In particular, distributed denial-of-service (DDoS) attacks overload the bandwidth of a server. But many IoT devices form part of cyber-physical systems (CPS). Therefore, they can be used to launch “physical” denial-of-service attacks (PDoS) in which IoT devices overflow the “physical bandwidth” of a CPS. In this paper, we quantify the population-based risk to a group of IoT devices targeted by malware for a PDoS attack. In order to model the recruitment of bots, we develop a “Poisson signaling game,” a signaling game with an unknown number of receivers, which have varying abilities to detect deception. Then we use a version of this game to analyze two mechanisms (legal and economic) to deter botnet recruitment. Equilibrium results indicate that (1) defenders can bound botnet activity, and (2) legislating a minimum level of security has only a limited effect, while incentivizing active defense can decrease botnet activity arbitrarily. This work provides a quantitative foundation for proactive PDoS defense.
Q. Zhu—This work is partially supported by an NSF IGERT grant through the Center for Interdisciplinary Studies in Security and Privacy (CRISSP) at New York University, by grants CNS-1544782, EFRI-1441140, and SES-1541164 from the National Science Foundation (NSF), and by DE-NE0008571 from the Department of Energy.
Notes
1. This is based on the idea that deceptive senders have a harder time communicating some messages than truthful senders. In interpersonal deception, for instance, lying requires high cognitive load, which may manifest itself in external gestures [23].
2. This could literally be a hardware or software detector, such as email filters which attempt to tag phishing emails. But it could also be an abstract notion meant to signify the innate ability of a person to recognize deception.
3. In fact, although all receivers with the same type y have the same likelihood \(\delta _{y}(e\,|\,x,m)\) of observing evidence e given sender type x and message m, our formulation allows the receivers to observe different actual realizations e of the evidence.
4. A second string can also be considered for the username.
5. For strong and active receivers, \(\delta _{y}\left( b\,|\,d,p\right) >\delta _{y}\left( b\,|\,l,p\right) ,\) \(y\in \{o,v\}.\) That is, these receivers are more likely to observe suspicious evidence if they are interacting with a malicious sender than if they are interacting with a legitimate sender. Mathematically, \(\delta _{k}(b\,|\,d,p)=\delta _{k}(b\,|\,l,p)\) signifies that type k receivers do not implement a detector.
6. We abuse notation slightly to write \(\bar{U}_{v}^{R}(a\,|\,m,e,\mu _{y}^{R})\) for the expected utility that R of type v obtains by playing action a.
7. In Fig. 8(b), \(\sigma _{v}^{R*}(f\,|\,p,b)=1\) for \(\upomega _{d}^{f}=-12.\)
8. A natural interpretation in an evolutionary game framework would be that \(\sigma _{d}^{S*}(p)=1,\) and \(q^{S}(d)\) decreases when the total activity is bounded. In other words, malicious senders continue recruiting, but some malicious senders drop out since not all of them are supported in equilibrium.
References
Free community-based mapping, traffic and navigation app. Waze Mobile. https://www.waze.com/
Visions and challenges for realising the internet of things. Technical report, CERP IoT Cluster, European Commission (2010)
Account lockout threshold. Microsoft TechNet (2014). https://technet.microsoft.com/en-us/library/hh994574(v=ws.11).aspx
Amini, S., Mohsenian-Rad, H., Pasqualetti, F.: Dynamic load altering attacks in smart grid. In: Innovative Smart Grid Technologies Conference, pp. 1–5. IEEE (2015)
Bensoussan, A., Kantarcioglu, M., Hoe, S.R.C.: A game-theoretical approach for finding optimal strategies in a botnet defense model. In: Alpcan, T., Buttyán, L., Baras, J.S. (eds.) GameSec 2010. LNCS, vol. 6442, pp. 135–148. Springer, Heidelberg (2010). doi:10.1007/978-3-642-17197-0_9
Byers, T.: Demand response and the IoT: using data to maximize customer benefit. Comverge Blog (2017). http://www.comverge.com/blog/february-2017/demand-response-and-iot-using-data-to-maximize-cus/
Crawford, V.P., Sobel, J.: Strategic information transmission. Econom. J. Econom. Soc. 50(6), 1431–1451 (1982)
Fudenberg, D., Tirole, J.: Game Theory, vol. 393. MIT Press, Cambridge (1991)
Glover, J.D., Sarma, M.S., Overbye, T.: Power System Analysis & Design, SI Version. Cengage Learning, Boston (2012)
Hammerstrom, D.J.: Part II. Grid friendly appliance project. In: GridWise Testbed Demonstration Projects. Pacific Northwest National Laboratory (2007)
Hayel, Y., Zhu, Q.: Epidemic protection over heterogeneous networks using evolutionary poisson games. IEEE Trans. Inf. Forensics Secur. 12(8), 1786–1800 (2017)
Herzberg, B., Bekerman, D., Zeifman, I.: Breaking down mirai: An IoT DDoS botnet analysis. Incapsula Blog, Bots and DDoS, Security (2016). https://www.incapsula.com/blog/malware-analysis-mirai-ddos-botnet.html
Higgins, K.J.: Conficker botnet ‘dead in the water’, researcher says, 2010. Dark Reading. http://www.darkreading.com/attacks-breaches/conficker-botnet-dead-in-the-water-researcher-says/d/d-id/1133327?
Lewis, D.: Convention: A Philosophical Study. Wiley, New York (2008)
Meyer, R.: How a Bunch of Hacked DVR Machines Took Down Twitter and Reddit. The Atlantic, Darya Ganj (2016)
Mohammadi, A., Manshaei, M.H., Moghaddam, M.M., Zhu, Q.: A game-theoretic analysis of deception over social networks using fake avatars. In: Zhu, Q., Alpcan, T., Panaousis, E., Tambe, M., Casey, W. (eds.) GameSec 2016. LNCS, vol. 9996, pp. 382–394. Springer, Cham (2016). doi:10.1007/978-3-319-47413-7_22
Mohsenian-Rad, A.-H., Leon-Garcia, A.: Distributed internet-based load altering attacks against smart power grids. IEEE Trans. Smart Grid 2(4), 667–674 (2011)
Myerson, R.B.: Population uncertainty and poisson games. Int. J. Game Theor. 27(3), 375–392 (1998)
Pawlick, J., Farhang, S., Zhu, Q.: Flip the cloud: cyber-physical signaling games in the presence of advanced persistent threats. In: Khouzani, M.H.R., Panaousis, E., Theodorakopoulos, G. (eds.) GameSec 2015. LNCS, vol. 9406, pp. 289–308. Springer, Cham (2015). doi:10.1007/978-3-319-25594-1_16
Pawlick, J., Zhu, Q.: Deception by design: evidence-based signaling games for network defense. In: Workshop on the Economics of Information Security and Privacy, Delft, The Netherlands (2015)
Pawlick, J., Zhu, Q.: Strategic trust in cloud-enabled cyber-physical systems with an application to glucose control. IEEE Trans. Inf. Forensics and Secur. (2017, to appear)
Radke, R.J., Woodstock, T-K., Imam, M.H., Sanderson, A.C., Mishra, S.: Advanced sensing and control in the smart conference room at the center for lighting enabled systems and applications. In: SID Symposium Digest of Technical Papers, vol. 47, pp. 193–196. Wiley Online Library (2016)
Vrij, A., Mann, S.A., Fisher, R.P., Leal, S., Milne, R., Bull, R.: Increasing cognitive load to facilitate lie detection: the benefit of recalling an event in reverse order. Law Hum. Behav. 32(3), 253–265 (2008)
Wu, Q., Shiva, S., Roy, S., Ellis, C., Datla, C.: On modeling and simulation of game theory-based defense mechanisms against DoS and DDoS attacks. In: Proceedings of Spring Simulation Multiconference, p. 159. Society for Computer Simulation International (2010)
Appendices
A Simplification of Sender Expected Utility
Each component of c is distributed according to a Poisson r.v. The components are independent, so Recall that S receives zero utility when he plays \(m=w.\) So we can choose \(m=p\):
Some of the probability terms can be summed over their support. We are left with
The last summation is the expected value of \(c_{a},\) which is \(\lambda _{a}.\) This yields Eq. (7).
B Proof of Theorem 1
The proofs for the status quo and resistant attacker equilibria are similar to the proof for Lemma 1. The vulnerable attacker equilibrium is a partially-separating PBNE. Strategies \(\sigma _{o}^{R*}(g\,|\,p,b)\) and \(\sigma _{v}^{R*}(g\,|\,p,b)\) which satisfy Eq. (13) make malicious senders exactly indifferent between \(m=p\) and \(m=w.\) Thus, they can play the mixed strategy in Eq. (14), which makes strong and active receivers exactly indifferent between \(a=g\) and \(a=t.\) The proof of the vulnerable attacker equilibrium follows a similar logic.
Copyright information
© 2017 Springer International Publishing AG
About this paper
Cite this paper
Pawlick, J., Zhu, Q. (2017). Proactive Defense Against Physical Denial of Service Attacks Using Poisson Signaling Games. In: Rass, S., An, B., Kiekintveld, C., Fang, F., Schauer, S. (eds) Decision and Game Theory for Security. GameSec 2017. Lecture Notes in Computer Science, vol 10575. Springer, Cham. https://doi.org/10.1007/978-3-319-68711-7_18
DOI: https://doi.org/10.1007/978-3-319-68711-7_18
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-68710-0
Online ISBN: 978-3-319-68711-7
eBook Packages: Computer Science, Computer Science (R0)