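@inproceedings{58847135eab74ba1a9d9da29cf7908b1,
  title     = {Combating Ransomware in {Internet of Things}: A {Games-in-Games} Approach for Cross-Layer Cyber Defense and Security Investment},
  author    = {Zhao, Yuhan and Ge, Yunfei and Zhu, Quanyan},
  editor    = {Bo{\v s}ansk{\'y}, Branislav and Gonzalez, Cleotilde and Rass, Stefan and Sinha, Arunesh},
  booktitle = {Decision and Game Theory for Security - 12th International Conference, GameSec 2021, Proceedings},
  series    = {Lecture Notes in Computer Science},
  publisher = {Springer Science and Business Media Deutschland GmbH},
  address   = {Germany},
  year      = {2021},
  pages     = {208--228},
  doi       = {10.1007/978-3-030-90370-1_12},
  isbn      = {9783030903695},
  language  = {English (US)},
  keywords  = {Cybersecurity, Game theory, Internet of Things, Prospect theory, Ransomware, Risk assessment, Security economics},
  abstract  = {The recent surge in ransomware attacks has threatened many critical infrastructures such as oil pipeline systems, hospitals, and industrial Internet of Things (IoT). Ransomware is a cryptoviral extortion attack that involves two phases: the cyber infection of the malware and the financial transaction of the ransom payment. As the ransomware attackers are financially motivated, the protection of the infrastructure networked systems requires a cross-layer risk analysis that not only examines the vulnerability of the cyber system but also consolidates the economics of ransom payment. To this end, this paper establishes a two-player multi-phase and multi-stage game framework to model cyber and economic phases of a ransomware attack. We use a zero-sum Markov game to capture the multi-stage penetration of ransomware in the lateral movement. A sequential-move game is proposed to model the ransom payment interactions at the second phase. Two games are composed to form a multi-phase and multi-stage game-in-games (MPMS-GiG) that enables a holistic risk assessment of ransomware in networks and a cross-layer design of cyber defense and investment strategies to mitigate the attack. We provide a complete equilibrium characterization of ransomware game and design interdependent optimal strategies for cyber protection and ransom payment. We use prospect theory to analyze the impact of human factors on equilibrium strategies. Finally, we use a prototypical industrial IoT network as a case study to corroborate the results.},
  note      = {Publisher Copyright: {\textcopyright} 2021, Springer Nature Switzerland AG.; 12th International Conference on Decision and Game Theory for Security, GameSec 2021 ; Conference date: 25-10-2021 Through 27-10-2021},
  internal-note = {Review cleanup of an auto-exported record: duplicate editor "Stefan Rass" removed; names put in "Last, First" form; title acronyms/proper nouns brace-protected so sentence-casing styles keep them; series normalised to the bare LNCS name; quotes replaced by braces. Still to confirm against the publisher page: the LNCS volume number (no volume field in the export) and the address field, which holds a country rather than the publisher's city.},
}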