A dynamic games approach to proactive defense strategies against Advanced Persistent Threats in cyber-physical systems

Linan Huang, Quanyan Zhu

Research output: Contribution to journalArticlepeer-review

Abstract

Advanced Persistent Threats (APTs) have recently emerged as a significant security challenge for a cyber-physical system due to their stealthy, dynamic and adaptive nature. Proactive dynamic defenses provide a strategic and holistic security mechanism to increase the costs of attacks and mitigate the risks. This work proposes a dynamic game framework to model a long-term interaction between a stealthy attacker and a proactive defender. The stealthy and deceptive behaviors are captured by the multi-stage game of incomplete information, where each player has his own private information unknown to the other. Both players act strategically according to their beliefs which are formed by the multi-stage observation and learning. The perfect Bayesian Nash equilibrium provides a useful prediction of both players’ policies because no players benefit from unilateral deviations from the equilibrium. We propose an iterative algorithm to compute the perfect Bayesian Nash equilibrium and use the Tennessee Eastman process as a benchmark case study. Our numerical experiment corroborates the analytical results and provides further insights into the design of proactive defense-in-depth strategies.

Original languageEnglish (US)
Article number101660
JournalComputers and Security
Volume89
DOIs
StatePublished - Feb 2020

Keywords

  • Advanced persistent threats
  • Cyber deception
  • Defense in depth
  • Industrial control system security
  • Multi-stage Bayesian game
  • Perfect Bayesian Nash equilibrium
  • Proactive defense
  • Tennessee Eastman process

ASJC Scopus subject areas

  • Computer Science(all)
  • Law

Fingerprint

Dive into the research topics of 'A dynamic games approach to proactive defense strategies against Advanced Persistent Threats in cyber-physical systems'. Together they form a unique fingerprint.

Cite this