
2018 | OriginalPaper | Chapter

Defending Against Chained Cyber-Attacks by Adversarial Agents

Authors : Vivin Paliath, Paulo Shakarian

Published in: Guide to Vulnerability Analysis for Computer Networks and Systems

Publisher: Springer International Publishing

Abstract

Cyber adversaries employ a variety of malware and exploits to attack computer systems. Despite the prevalence of markets for malware and exploit kits, existing paradigms that model such cyber-adversarial behaviour do not account for the sequential application, or “chaining”, of attacks that take advantage of the complex and interdependent nature of exploits and vulnerabilities. As a result, it is challenging for security professionals to develop defensive strategies against threats of this nature. This chapter takes the first steps toward addressing this need, based on a framework that allows for the modelling of sequential cyber-attacks on computer systems, taking into account complex interdependencies between vulnerabilities and exploits. The framework identifies the overall set of capabilities gained by an attacker through the convergence of a simple fixed-point operator. We then turn our attention to the problem of determining the optimal/most effective strategy (with respect to this model) that the defender can use to block the attacker from gaining certain capabilities, and find it to be an NP-complete problem. To address this complexity, we utilize an A*-based approach and develop an admissible heuristic. We provide an implementation and show through a suite of experiments using actual vulnerability data that this method performs well in practice for identifying defensive courses of action in this domain.
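The two pieces the abstract describes, a fixed-point closure over attacker capabilities and an A* search with an admissible heuristic for the cheapest set of patches that keeps a target capability out of that closure, as an added example (not the chapter's own code; the exploit precondition/postcondition model, the exploit names and the patch costs are constructed assumptions, since the chapter's formal definitions are not on this page):

```python
import heapq
from itertools import count

# Constructed toy model (an assumption, not the chapter's formal definitions):
# exploit name -> (capabilities it requires, capabilities it grants).
EXPLOITS = {
    "phish":   ({"email_access"}, {"user_shell"}),
    "web_rce": ({"net_access"}, {"www_shell"}),
    "kernel":  ({"user_shell"}, {"root"}),
    "sudo":    ({"www_shell"}, {"root"}),
    "creds":   ({"root"}, {"domain_admin"}),
}
PATCH_COST = {"phish": 3, "web_rce": 2, "kernel": 1, "sudo": 1, "creds": 5}  # hypothetical

def capabilities(initial, exploits, blocked=frozenset()):
    """Least fixed point: apply every unblocked exploit whose preconditions
    hold, repeating until no new capability is gained."""
    caps = set(initial)
    changed = True
    while changed:
        changed = False
        for name, (pre, post) in exploits.items():
            if name not in blocked and pre <= caps and not post <= caps:
                caps |= post
                changed = True
    return frozenset(caps)

def best_defense(initial, exploits, cost, target):
    """A* over sets of patched exploits; returns (cost, patched) for the
    cheapest set that keeps `target` out of the attacker's fixed point."""
    def h(blocked):
        # Admissible: while the target is reachable one more patch is needed, so the cheapest remaining cost is a lower bound.
        if target not in capabilities(initial, exploits, blocked):
            return 0
        left = [cost[e] for e in exploits if e not in blocked]
        return min(left) if left else float("inf")
    tie = count()  # tie-breaker so the heap never compares frozensets
    frontier = [(h(frozenset()), 0, next(tie), frozenset())]
    seen = set()
    while frontier:
        _, g, _, blocked = heapq.heappop(frontier)
        if blocked in seen:
            continue
        seen.add(blocked)
        if target not in capabilities(initial, exploits, blocked):
            return g, blocked
        for e in exploits:
            if e not in blocked:
                nb = blocked | {e}
                heapq.heappush(frontier, (g + cost[e] + h(nb), g + cost[e], next(tie), nb))
```

In the toy model the attacker reaches `domain_admin` through two independent privilege-escalation paths, so the search must patch both `kernel` and `sudo` rather than the single expensive `creds` step; it returns `None` when the target is already in the initial capabilities.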

Copyright Year: 2018

DOI: https://doi.org/10.1007/978-3-319-92624-7_8