Abstract
Advanced Persistent Threats (APTs) have created new security challenges for critical infrastructures due to their stealthy, dynamic, and adaptive natures. In this work, we aim to lay a game-theoretic foundation by establishing a multi-stage Bayesian game framework that captures the incomplete information of deceptive APTs and their multi-stage, multi-phase movement. The analysis of the perfect Bayesian Nash equilibrium (PBNE) enables a prediction of the attacker's behaviors and a design of defensive strategies that can deter the adversaries and mitigate the security risks. A conjugate-prior method allows online computation of the belief and reduces the Bayesian update to an iterative parameter update. The forwardly updated parameters are assimilated into the backward dynamic programming computation to characterize a computationally tractable and time-consistent equilibrium solution based on the expanded state space. The Tennessee Eastman (TE) process control problem is used as a case study to demonstrate the dynamic game under information asymmetry and to show that APTs tend to be stealthy and deceptive during their transitions in the cyber layer and behave aggressively when reaching the targeted physical plant. The online update of the belief allows the defender to learn the behavior of the attacker and choose strategic defensive actions that can thwart adversarial behaviors and mitigate APTs. Numerical results illustrate the defender's tradeoff between the immediate reward and the future expectation, as well as the attacker's goal of reaching an advantageous system state while making the defender form a positive belief.
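The following is an added illustration of the conjugate-prior belief update the abstract describes; it is not the paper's model or code. It assumes a simplified setting in which the defender tracks the probability p that the attacker acts aggressively with a Beta prior over Bernoulli observations, so the full Bayesian update collapses to incrementing two parameters, and the payoffs in defender_action are assumed placeholders.

```python
"""
Assumed simplified model (not the paper's): the defender's belief about the
attacker is Beta(alpha, beta) over the probability p of an aggressive action.
Each stage yields one Bernoulli observation (1 = aggressive, 0 = stealthy).
"""


def conjugate_update(alpha, beta, observations):
    """Iterative parameter update: each observation adds 1 to alpha or beta."""
    for aggressive in observations:
        if aggressive:
            alpha += 1
        else:
            beta += 1
    return alpha, beta


def exact_posterior_mean(alpha, beta, observations, grid=2001):
    """Brute-force Bayes rule on a grid of p values, used only to check
    that the parameter update reproduces the exact posterior mean."""
    k = sum(observations)
    n = len(observations)
    num = den = 0.0
    for i in range(1, grid):
        p = i / grid
        prior = p ** (alpha - 1) * (1 - p) ** (beta - 1)
        likelihood = p ** k * (1 - p) ** (n - k)
        weight = prior * likelihood
        num += p * weight
        den += weight
    return num / den


def belief_mean(alpha, beta):
    """Posterior mean of p under Beta(alpha, beta)."""
    return alpha / (alpha + beta)


def defender_action(alpha, beta, cost_harden=1.0, loss_if_hit=2.0):
    """Assumed payoffs: harden when the expected loss under the current
    belief exceeds the cost of hardening, otherwise keep monitoring."""
    expected_loss = belief_mean(alpha, beta) * loss_if_hit
    return "harden" if expected_loss > cost_harden else "monitor"


def simulate_stages(alpha, beta, observations):
    """Online loop: update the belief one stage at a time and record the
    defender's action chosen from the updated parameters."""
    trace = []
    for obs in observations:
        alpha, beta = conjugate_update(alpha, beta, [obs])
        trace.append((alpha, beta, defender_action(alpha, beta)))
    return trace
```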
Index Terms
- Adaptive Strategic Cyber Defense for Advanced Persistent Threats in Critical Infrastructure Networks