A dynamic games approach to proactive defense strategies against Advanced Persistent Threats in cyber-physical systems

Huang, Linan; Zhu, Quanyan

doi:10.1016/j.cose.2019.101660

Cited by 110 publications

(62 citation statements)

References 32 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…We plot the feedback Bayesian learning process in Fig. 2 and elaborate each element in the following subsections based on our previous work [5].…”

Section: Bayesian Learning For Uncertain Parametersmentioning

confidence: 99%

“…Next, we update the belief at each stage based on the computed equilibrium strategy. We iterate the above update on the equilibrium strategy and belief until they satisfy condition C1 as demonstrated in [5]. If the type space is continuous, then the Bayesian update can be simplified into a parametric update under the conjugate prior assumption.…”

Section: Utility and Pbnementioning

confidence: 99%

“…In this chapter, we illustrate three active defense schemes in our previous works, which are designed based on the new cyber security principle. They are defensive deception for detection and counter-deception [3,4,5] in Section 2, feedback-driven Moving Target Defense (MTD) [6] in Section 3, and adaptive honeypot engagement [7] in Section 4. All three schemes is of incomplete information, and we arrange them based on three progressive levels of information restrictions as shown in the left part of Fig.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Strategic Learning for Active, Adaptive, and Autonomous Cyber Defense

Huang

Zhu

2020

Adaptive Autonomous Secure Cyber Systems

Self Cite

View full text Add to dashboard Cite

The increasing instances of advanced attacks call for a new defense paradigm that is active, autonomous, and adaptive, named as the '3A' defense paradigm. This chapter introduces three defense schemes that actively interact with attackers to increase the attack cost and gather threat information, i.e., defensive deception for detection and counter-deception, feedback-driven Moving Target Defense (MTD), and adaptive honeypot engagement. Due to the cyber deception, external noise, and the absent knowledge of the other players' behaviors and goals, these schemes possess three progressive levels of information restrictions, i.e., from the parameter uncertainty, the payoff uncertainty, to the environmental uncertainty. To estimate the unknown and reduce the uncertainty, we adopt three different strategic learning schemes that fit the associated information restrictions. All three learning schemes share the same feedback structure of sensation, estimation, and actions so that the most rewarding policies get reinforced and converge to the optimal ones in autonomous and adaptive fashions. This work aims to shed lights on proactive defense strategies, lay a solid foundation for strategic learning under incomplete information, and quantify the tradeoff between the security and costs.Recent instances of WannaCry ransomware, Petya cyberattack, and Stuxnet malware have demonstrated the trends of modern attacks and the corresponding new security challenges as follows.

show abstract

“…We plot the feedback Bayesian learning process in Fig. 2 and elaborate each element in the following subsections based on our previous work [5].…”

Section: Bayesian Learning For Uncertain Parametersmentioning

confidence: 99%

Section: Utility and Pbnementioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Strategic Learning for Active, Adaptive, and Autonomous Cyber Defense

Huang

Zhu

2020

Adaptive Autonomous Secure Cyber Systems

Self Cite

View full text Add to dashboard Cite

show abstract

“…(2) Attack detection methods based on physical power grid data ignore the impact of cyber network attacks on the performance of smart grids. The effects of power grid failures and cyber-attacks on the physical side are similar, and it is difficult to distinguish them based on data characteristics (Liu et al, 2016;Huang and Zhu, 2020). (3) A cyber-attack is characterized by unbalanced attack samples, high data dimensionality, and noise, and data with a long tail are common.…”

Section: Introductionmentioning

confidence: 99%

Coordinated Cyber-Attack Detection Model of Cyber-Physical Power System Based on the Operating State Data Link

Wang

et al. 2021

Front. Energy Res.

View full text Add to dashboard Cite

Existing coordinated cyber-attack detection methods have low detection accuracy and efficiency and poor generalization ability due to difficulties dealing with unbalanced attack data samples, high data dimensionality, and noisy data sets. This paper proposes a model for cyber and physical data fusion using a data link for detecting attacks on a Cyber–Physical Power System (CPPS). The two-step principal component analysis (PCA) is used for classifying the system’s operating status. An adaptive synthetic sampling algorithm is used to reduce the imbalance in the categories’ samples. The loss function is improved according to the feature intensity difference of the attack event, and an integrated classifier is established using a classification algorithm based on the cost-sensitive gradient boosting decision tree (CS-GBDT). The simulation results show that the proposed method provides higher accuracy, recall, and F-Score than comparable algorithms.

show abstract

“…Another strategy is to use game-theoretic approaches such as [15] and [16]. These approaches have the advantage of providing proactive dynamic defenses.…”

Section: Introductionmentioning

confidence: 99%

Switched-Based Resilient Control of Cyber-Physical Systems

Segovia-Ferreira¹,

Rubio‐Hernan²,

Cavalli³

et al. 2020

IEEE Access

View full text Add to dashboard Cite

We present a control-theoretic approach to achieve Cyber-Physical Systems (CPS) resilient designs. We assume situations in which the CPS must maintain the correct operation of a set of crucial functionalities despite ongoing adversarial misbehavior. The approach is based on a moving target defense paradigm, driven by a linear switching of state-space matrices, and applied at both the physical and network layers of a networked-control system. We show that the final system maintains stability. We also evaluate, via simulation, a step-by-step procedure that takes a transfer function, representing the dynamics of the physical process. As a result, we obtain a resilient CPS design structured around a topology of decentralized controllers. Results show that the obtained approach is both innovative and promising.

show abstract

A dynamic games approach to proactive defense strategies against Advanced Persistent Threats in cyber-physical systems

Cited by 110 publications

References 32 publications

Strategic Learning for Active, Adaptive, and Autonomous Cyber Defense

Strategic Learning for Active, Adaptive, and Autonomous Cyber Defense

Coordinated Cyber-Attack Detection Model of Cyber-Physical Power System Based on the Operating State Data Link

Switched-Based Resilient Control of Cyber-Physical Systems

Contact Info

Product

Resources

About