Analysis and computation of adaptive defense strategies against advanced persistent threats for cyber-physical systems

Linan Huang; Quanyan Zhu

doi:10.1007/978-3-030-01554-1_12

Analysis and computation of adaptive defense strategies against advanced persistent threats for cyber-physical systems

Linan Huang, Quanyan Zhu

Electrical and Computer Engineering

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Cyber-physical systems are facing new security challenges from Advanced Persistent Threats (APTs) due to the stealthy, dynamic and adaptive nature of the attack. The multi-stage Bayesian game captures the incomplete information of the players’ type, and enables an adaptive belief update according to the observable history of the other player’s actions. The solution concept of perfect Bayesian Nash equilibrium (PBNE) under the proactive and reactive information structures of the players provides an important analytical tool to predict and design the players’ behavior. To capture the learning process and enable fast computation of PBNE, we use conjugate priors to update the beliefs of the players parametrically, which is assimilated into backward dynamic programming with an expanded state space. We use a mathematical programming approach to compute the PBNE of the dynamic bi-matrix game of incomplete information. In the case study, we analyze and study two PBNEs under complete and one-sided incomplete information. The results reveal the benefit of deception of the private attackers’ types and motivate defender’s use of deception techniques to tilt the information asymmetry. Numerical results have been used to corroborate the analytical findings of our framework and show the effectiveness of defense design to deter the attackers and mitigate the APTs strategically.

Original language	English (US)
Title of host publication	Decision and Game Theory for Security - 9th International Conference, GameSec 2018, Proceedings
Editors	Linda Bushnell, Radha Poovendran, Tamer Basar
Publisher	Springer Verlag
Pages	205-226
Number of pages	22
ISBN (Print)	9783030015534
DOIs	https://doi.org/10.1007/978-3-030-01554-1_12
State	Published - 2018
Event	9th International Conference on Decision and Game Theory for Security, GameSec 2018 - Seattle, United States Duration: Oct 29 2018 → Oct 31 2018

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	11199 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Other

Other	9th International Conference on Decision and Game Theory for Security, GameSec 2018
Country/Territory	United States
City	Seattle
Period	10/29/18 → 10/31/18

Keywords

Advanced Persistent Threats (APTs)
Cyber deception
Multistage Bayesian game
Optimal learning
Proactive and strategic defense

ASJC Scopus subject areas

Theoretical Computer Science
General Computer Science

Access to Document

10.1007/978-3-030-01554-1_12

Cite this

Huang, L., & Zhu, Q. (2018). Analysis and computation of adaptive defense strategies against advanced persistent threats for cyber-physical systems. In L. Bushnell, R. Poovendran, & T. Basar (Eds.), Decision and Game Theory for Security - 9th International Conference, GameSec 2018, Proceedings (pp. 205-226). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 11199 LNCS). Springer Verlag. https://doi.org/10.1007/978-3-030-01554-1_12

Analysis and computation of adaptive defense strategies against advanced persistent threats for cyber-physical systems. / Huang, Linan; Zhu, Quanyan.
Decision and Game Theory for Security - 9th International Conference, GameSec 2018, Proceedings. ed. / Linda Bushnell; Radha Poovendran; Tamer Basar. Springer Verlag, 2018. p. 205-226 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 11199 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Huang, L & Zhu, Q 2018, Analysis and computation of adaptive defense strategies against advanced persistent threats for cyber-physical systems. in L Bushnell, R Poovendran & T Basar (eds), Decision and Game Theory for Security - 9th International Conference, GameSec 2018, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 11199 LNCS, Springer Verlag, pp. 205-226, 9th International Conference on Decision and Game Theory for Security, GameSec 2018, Seattle, United States, 10/29/18. https://doi.org/10.1007/978-3-030-01554-1_12

Huang L, Zhu Q. Analysis and computation of adaptive defense strategies against advanced persistent threats for cyber-physical systems. In Bushnell L, Poovendran R, Basar T, editors, Decision and Game Theory for Security - 9th International Conference, GameSec 2018, Proceedings. Springer Verlag. 2018. p. 205-226. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-030-01554-1_12

Huang, Linan ; Zhu, Quanyan. / Analysis and computation of adaptive defense strategies against advanced persistent threats for cyber-physical systems. Decision and Game Theory for Security - 9th International Conference, GameSec 2018, Proceedings. editor / Linda Bushnell ; Radha Poovendran ; Tamer Basar. Springer Verlag, 2018. pp. 205-226 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{dbfbe72f6d344ce9a6379072aaf7a4c6,

title = "Analysis and computation of adaptive defense strategies against advanced persistent threats for cyber-physical systems",

abstract = "Cyber-physical systems are facing new security challenges from Advanced Persistent Threats (APTs) due to the stealthy, dynamic and adaptive nature of the attack. The multi-stage Bayesian game captures the incomplete information of the players{\textquoteright} type, and enables an adaptive belief update according to the observable history of the other player{\textquoteright}s actions. The solution concept of perfect Bayesian Nash equilibrium (PBNE) under the proactive and reactive information structures of the players provides an important analytical tool to predict and design the players{\textquoteright} behavior. To capture the learning process and enable fast computation of PBNE, we use conjugate priors to update the beliefs of the players parametrically, which is assimilated into backward dynamic programming with an expanded state space. We use a mathematical programming approach to compute the PBNE of the dynamic bi-matrix game of incomplete information. In the case study, we analyze and study two PBNEs under complete and one-sided incomplete information. The results reveal the benefit of deception of the private attackers{\textquoteright} types and motivate defender{\textquoteright}s use of deception techniques to tilt the information asymmetry. Numerical results have been used to corroborate the analytical findings of our framework and show the effectiveness of defense design to deter the attackers and mitigate the APTs strategically.",

keywords = "Advanced Persistent Threats (APTs), Cyber deception, Multistage Bayesian game, Optimal learning, Proactive and strategic defense",

author = "Linan Huang and Quanyan Zhu",

note = "Publisher Copyright: {\textcopyright} 2018, Springer Nature Switzerland AG.; 9th International Conference on Decision and Game Theory for Security, GameSec 2018 ; Conference date: 29-10-2018 Through 31-10-2018",

year = "2018",

doi = "10.1007/978-3-030-01554-1_12",

language = "English (US)",

isbn = "9783030015534",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Verlag",

pages = "205--226",

editor = "Linda Bushnell and Radha Poovendran and Tamer Basar",

booktitle = "Decision and Game Theory for Security - 9th International Conference, GameSec 2018, Proceedings",

}

TY - GEN

T1 - Analysis and computation of adaptive defense strategies against advanced persistent threats for cyber-physical systems

AU - Huang, Linan

AU - Zhu, Quanyan

PY - 2018

Y1 - 2018

N2 - Cyber-physical systems are facing new security challenges from Advanced Persistent Threats (APTs) due to the stealthy, dynamic and adaptive nature of the attack. The multi-stage Bayesian game captures the incomplete information of the players’ type, and enables an adaptive belief update according to the observable history of the other player’s actions. The solution concept of perfect Bayesian Nash equilibrium (PBNE) under the proactive and reactive information structures of the players provides an important analytical tool to predict and design the players’ behavior. To capture the learning process and enable fast computation of PBNE, we use conjugate priors to update the beliefs of the players parametrically, which is assimilated into backward dynamic programming with an expanded state space. We use a mathematical programming approach to compute the PBNE of the dynamic bi-matrix game of incomplete information. In the case study, we analyze and study two PBNEs under complete and one-sided incomplete information. The results reveal the benefit of deception of the private attackers’ types and motivate defender’s use of deception techniques to tilt the information asymmetry. Numerical results have been used to corroborate the analytical findings of our framework and show the effectiveness of defense design to deter the attackers and mitigate the APTs strategically.

AB - Cyber-physical systems are facing new security challenges from Advanced Persistent Threats (APTs) due to the stealthy, dynamic and adaptive nature of the attack. The multi-stage Bayesian game captures the incomplete information of the players’ type, and enables an adaptive belief update according to the observable history of the other player’s actions. The solution concept of perfect Bayesian Nash equilibrium (PBNE) under the proactive and reactive information structures of the players provides an important analytical tool to predict and design the players’ behavior. To capture the learning process and enable fast computation of PBNE, we use conjugate priors to update the beliefs of the players parametrically, which is assimilated into backward dynamic programming with an expanded state space. We use a mathematical programming approach to compute the PBNE of the dynamic bi-matrix game of incomplete information. In the case study, we analyze and study two PBNEs under complete and one-sided incomplete information. The results reveal the benefit of deception of the private attackers’ types and motivate defender’s use of deception techniques to tilt the information asymmetry. Numerical results have been used to corroborate the analytical findings of our framework and show the effectiveness of defense design to deter the attackers and mitigate the APTs strategically.

KW - Advanced Persistent Threats (APTs)

KW - Cyber deception

KW - Multistage Bayesian game

KW - Optimal learning

KW - Proactive and strategic defense

UR - http://www.scopus.com/inward/record.url?scp=85055886970&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85055886970&partnerID=8YFLogxK

U2 - 10.1007/978-3-030-01554-1_12

DO - 10.1007/978-3-030-01554-1_12

M3 - Conference contribution

AN - SCOPUS:85055886970

SN - 9783030015534

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 205

EP - 226

BT - Decision and Game Theory for Security - 9th International Conference, GameSec 2018, Proceedings

A2 - Bushnell, Linda

A2 - Poovendran, Radha

A2 - Basar, Tamer

PB - Springer Verlag

T2 - 9th International Conference on Decision and Game Theory for Security, GameSec 2018

Y2 - 29 October 2018 through 31 October 2018

ER -

Analysis and computation of adaptive defense strategies against advanced persistent threats for cyber-physical systems

Abstract

Publication series

Other

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this