nach oben

Erschienen in:

2023 | OriginalPaper | Buchkapitel

Cyber Deception Against Zero-Day Attacks: A Game Theoretic Approach

verfasst von : Md Abu Sayed, Ahmed H. Anwar, Christopher Kiekintveld, Branislav Bosansky, Charles Kamhoua

Erschienen in: Decision and Game Theory for Security

Verlag: Springer International Publishing

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

Reconnaissance activities precedent other attack steps in the cyber kill chain. Zero-day attacks exploit unknown vulnerabilities and give attackers the upper hand against conventional defenses. Honeypots have been used to deceive attackers by misrepresenting the true state of the network. Existing work on cyber deception does not model zero-day attacks. In this paper, we address the question of “How to allocate honeypots over the network?” to protect its most valuable assets. To this end, we develop a two-player zero-sum game theoretic approach to study the potential reconnaissance tracks and attack paths that attackers may use. However, zero-day attacks allow attackers to avoid placed honeypots by creating new attack paths. Therefore, we introduce a sensitivity analysis to investigate the impact of different zero-day vulnerabilities on the performance of the proposed deception technique. Next, we propose several mitigating strategies to defend the network against zero-day attacks based on this analysis. Finally, our numerical results validate our findings and illustrate the effectiveness of the proposed defense approach.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Vorheriges Kapitel Casino Rationale: Countering Attacker Deception in Zero-Sum Stackelberg Security Games of Bounded Rationality

Nächstes Kapitel On Almost-Sure Intention Deception Planning that Exploits Imperfect Observers

Yadav, T., Rao, A.M.: Technical aspects of cyber kill chain. In: Abawajy, J.H., Mukherjea, S., Thampi, S.M., Ruiz-Martínez, A. (eds.) SSCC 2015. CCIS, vol. 536, pp. 438–452. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-22915-7_40CrossRef

Schuster, R., Shmatikov, V., Tromer, E.: Beauty and the burst: remote identification of encrypted video streams. In: 26th USENIX Security Symposium (USENIX Security 2017), pp. 1357–1374 (2017)

Fu, X., Graham, B., Xuan, D., Bettati, R., Zhao, W.: Empirical and theoretical evaluation of active probing attacks and their countermeasures. In: Fridrich, J. (ed.) IH 2004. LNCS, vol. 3200, pp. 266–281. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-30114-1_19CrossRef

Bansal, G., Kumar, N., Nandi, S., Biswas, S.: Detection of NDP based attacks using MLD. In: Proceedings of the Fifth International Conference on Security of Information and Networks, pp. 163–167 (2012)

Çeker, H., Zhuang, J., Upadhyaya, S., La, Q.D., Soong, B.-H.: Deception-based game theoretical approach to mitigate DoS attacks. In: Zhu, Q., Alpcan, T., Panaousis, E., Tambe, M., Casey, W. (eds.) GameSec 2016. LNCS, vol. 9996, pp. 18–38. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-47413-7_2CrossRefMATH

Zhu, Q., Rass, S.: On multi-phase and multi-stage game-theoretic modeling of advanced persistent threats. IEEE Access 6, 13958–13971 (2018)CrossRef

Anwar, A.H., Kamhoua, C., Leslie, N.: A game-theoretic framework for dynamic cyber deception in Internet of Battlefield Things. In: Proceedings of the 16th EAI International Conference on Mobile and Ubiquitous Systems: Computing, Networking and Services, pp. 522–526 (2019)

Wang, C., Zhuo, L.: Cyber deception: overview and the road ahead. IEEE Secur. Priv. 16(2), 80–85 (2018)CrossRef

Mokube, I., Adams, M.: Honeypots: concepts, approaches, and challenges. In: Proceedings of the 45th Annual Southeast Regional Conference, pp. 321–326 (2007)

10.

Lallie, H.S., Debattista, K., Bal, J.: A review of attack graph and attack tree visual syntax in cyber security. Comput. Sci. Rev. 35, 100219 (2020)MathSciNetCrossRefMATH

11.

Ou, X., Boyer, W.F., McQueen, M.A.: A scalable approach to attack graph generation. In: Proceedings of the 13th ACM Conference on Computer and Communications Security, pp. 336–345 (2006)

12.

Bilge, L., Dumitraş, T.: Before we knew it: an empirical study of zero-day attacks in the real world. In: Proceedings of the 2012 ACM Conference on Computer and Communications Security, pp. 833–844 (2012)

13.

Zhu, M., Anwar, A.H., Wan, Z., Cho, J.-H., Kamhoua, C.A., Singh, M.P.: A survey of defensive deception: approaches using game theory and machine learning. IEEE Commun. Surv. Tutor. 23(4), 2460–2493 (2021)CrossRef

14.

Schlenker, A., Thakoor, O., Xu, H., Fang, F., Tambe, M., Vayanos, P.: Game theoretic cyber deception to foil adversarial network reconnaissance. In: Jajodia, S., Cybenko, G., Subrahmanian, V.S., Swarup, V., Wang, C., Wellman, M. (eds.) Adaptive Autonomous Secure Cyber Systems, pp. 183–204. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-33432-1_9CrossRef

15.

Pawlick, J., Zhu, Q.: Deception by design: evidence-based signaling games for network defense. arXiv preprint arXiv:1503.05458 (2015)

16.

Fraser, N.M., Hipel, K.W.: Conflict Analysis: Models and Resolutions. North-Holland (1984)

17.

Vane, R., Lehner, P.E.: Using hypergames to select plans in adversarial environments. In: Proceedings of the 1st Workshop on Game Theoretic and Decision Theoretic Agents, pp. 103–111 (1999)

18.

Ferguson-Walter, K., Fugate, S., Mauger, J., Major, M.: Game theory for adaptive defensive cyber deception. In: Proceedings of the 6th Annual Symposium on Hot Topics in the Science of Security, p. 4. ACM (2019)

19.

Cho, J.-H., Zhu, M., Singh, M.: Modeling and analysis of deception games based on hypergame theory. In: Al-Shaer, E., Wei, J., Hamlen, K.W., Wang, C. (eds.) Autonomous Cyber Deception, pp. 49–74. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-02110-8_4CrossRef

20.

Nguyen, T., Yang, R., Azaria, A., Kraus, S., Tambe, M.: Analyzing the effectiveness of adversary modeling in security games. In: Proceedings of the AAAI Conference on Artificial Intelligence, vol. 27, pp. 718–724 (2013)

21.

Sinha, A., Fang, F., An, B., Kiekintveld, C., Tambe, M.: Stackelberg security games: looking beyond a decade of success. IJCAI (2018)

22.

Eder-Neuhauser, P., Zseby, T., Fabini, J., Vormayr, G.: Cyber attack models for smart grid environments. Sustain. Energy Grids Netw. 12, 10–29 (2017)CrossRef

23.

Al-Rushdan, H., Shurman, M., Alnabelsi, S.H., Althebyan, Q.: Zero-day attack detection and prevention in software-defined networks. In: 2019 International Arab Conference on Information Technology (ACIT), pp. 278–282. IEEE (2019)

24.

Ammann, P., Wijesekera, D., Kaushik, S.: Scalable, graph-based network vulnerability analysis. In: Proceedings of the 9th ACM Conference on Computer and Communications Security, pp. 217–224 (2002)

25.

Başar, T., Olsder, G.J.: Dynamic Noncooperative Game Theory, vol. 23. SIAM (1999)

Titel: Cyber Deception Against Zero-Day Attacks: A Game Theoretic Approach
verfasst von: Md Abu Sayed
Ahmed H. Anwar
Christopher Kiekintveld
Branislav Bosansky
Charles Kamhoua
Verlag: Springer International Publishing
Buch: Decision and Game Theory for Security
Print ISBN: 978-3-031-26368-2

Electronic ISBN: 978-3-031-26369-9

Copyright-Jahr: 2023
DOI: https://doi.org/10.1007/978-3-031-26369-9_3

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Premium Partner