Combating Ransomware in Internet of Things: A Games-in-Games Approach for Cross-Layer Cyber Defense and Security Investment

Yuhan Zhao, Yunfei Ge, Quanyan Zhu

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

The recent surge in ransomware attacks has threatened many critical infrastructures such as oil pipeline systems, hospitals, and industrial Internet of Things (IoT). Ransomware is a cryptoviral extortion attack that involves two phases: the cyber infection of the malware and the financial transaction of the ransom payment. As the ransomware attackers are financially motivated, the protection of the infrastructure networked systems requires a cross-layer risk analysis that not only examines the vulnerability of the cyber system but also consolidates the economics of ransom payment. To this end, this paper establishes a two-player multi-phase and multi-stage game framework to model cyber and economic phases of a ransomware attack. We use a zero-sum Markov game to capture the multi-stage penetration of ransomware in the lateral movement. A sequential-move game is proposed to model the ransom payment interactions at the second phase. Two games are composed to form a multi-phase and multi-stage game-in-games (MPMS-GiG) that enables a holistic risk assessment of ransomware in networks and a cross-layer design of cyber defense and investment strategies to mitigate the attack. We provide a complete equilibrium characterization of ransomware game and design interdependent optimal strategies for cyber protection and ransom payment. We use prospect theory to analyze the impact of human factors on equilibrium strategies. Finally, we use a prototypical industrial IoT network as a case study to corroborate the results.

Original languageEnglish (US)
Title of host publicationDecision and Game Theory for Security - 12th International Conference, GameSec 2021, Proceedings
EditorsBranislav Bošanský, Cleotilde Gonzalez, Stefan Rass, Stefan Rass, Arunesh Sinha
PublisherSpringer Science and Business Media Deutschland GmbH
Pages208-228
Number of pages21
ISBN (Print)9783030903695
DOIs
StatePublished - 2021
Event12th International Conference on Decision and Game Theory for Security, GameSec 2021 - Virtual, Online
Duration: Oct 25 2021Oct 27 2021

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume13061 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Conference

Conference12th International Conference on Decision and Game Theory for Security, GameSec 2021
CityVirtual, Online
Period10/25/2110/27/21

Keywords

  • Cybersecurity
  • Game theory
  • Internet of Things
  • Prospect theory
  • Ransomware
  • Risk assessment
  • Security economics

ASJC Scopus subject areas

  • Theoretical Computer Science
  • Computer Science(all)

Fingerprint

Dive into the research topics of 'Combating Ransomware in Internet of Things: A Games-in-Games Approach for Cross-Layer Cyber Defense and Security Investment'. Together they form a unique fingerprint.

Cite this