Optimal Timing in Dynamic and Robust Attacker Engagement During Advanced Persistent Threats

Pawlick, Jeffrey; Nguyễn, Thị Thu Hằng; Colbert, E. J. M.; Zhu, Quanyan

doi:10.23919/wiopt47501.2019.9144123

Cited by 10 publications

(4 citation statements)

References 15 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Work by Pawlick et al [22] is the most similar to our work, also balancing the defender's choice between evicting an attacker versus waiting for more information. Their approach uses an infinite horizon MDP, and the defender gains information about the attacker by keeping them in honeypots.…”

Section: Related Worksupporting

confidence: 52%

Modeling observability in adaptive systems to defend against advanced persistent threats

Kinneer

Wagner

Fang

et al. 2019

Proceedings of the 17th ACM-IEEE International Conference on Formal Methods and Models for System Design

View full text Add to dashboard Cite

Advanced persistent threats (APTs) are a particularly troubling challenge for software systems. The adversarial nature of the security domain, and APTs in particular, poses unresolved challenges to the design of self-* systems, such as how to defend against multiple types of attackers with different goals and capabilities. In this interaction, the observability of each side is an important and under-investigated issue in the self-* domain. We propose a model of APT defense that elevates observability as a first-class concern. We evaluate this model by showing how an informed approach that uses observability improves the defender's utility compared to a uniform random strategy, can enable robust planning through sensitivity analysis, and can inform observability-related architectural design decisions. CCS CONCEPTS • Security and privacy → Formal security models; Systems security; • Computing methodologies → Artificial intelligence; Model development and analysis.

show abstract

Section: Related Worksupporting

confidence: 52%

Modeling observability in adaptive systems to defend against advanced persistent threats

Kinneer

Wagner

Fang

et al. 2019

Proceedings of the 17th ACM-IEEE International Conference on Formal Methods and Models for System Design

View full text Add to dashboard Cite

show abstract

“…Previous works [18,19] have investigated the adaptive honeypot deployment to effectively engage attackers without their notices. The authors in recent work [20] proposes a continuous-state Markov Decision Process (MDP) model and focuses on the optimal timing of the attacker ejection.…”

Section: Literaturementioning

confidence: 99%

Strategic Learning for Active, Adaptive, and Autonomous Cyber Defense

Huang

Zhu

2020

Adaptive Autonomous Secure Cyber Systems

Self Cite

View full text Add to dashboard Cite

The increasing instances of advanced attacks call for a new defense paradigm that is active, autonomous, and adaptive, named as the '3A' defense paradigm. This chapter introduces three defense schemes that actively interact with attackers to increase the attack cost and gather threat information, i.e., defensive deception for detection and counter-deception, feedback-driven Moving Target Defense (MTD), and adaptive honeypot engagement. Due to the cyber deception, external noise, and the absent knowledge of the other players' behaviors and goals, these schemes possess three progressive levels of information restrictions, i.e., from the parameter uncertainty, the payoff uncertainty, to the environmental uncertainty. To estimate the unknown and reduce the uncertainty, we adopt three different strategic learning schemes that fit the associated information restrictions. All three learning schemes share the same feedback structure of sensation, estimation, and actions so that the most rewarding policies get reinforced and converge to the optimal ones in autonomous and adaptive fashions. This work aims to shed lights on proactive defense strategies, lay a solid foundation for strategic learning under incomplete information, and quantify the tradeoff between the security and costs.Recent instances of WannaCry ransomware, Petya cyberattack, and Stuxnet malware have demonstrated the trends of modern attacks and the corresponding new security challenges as follows.

show abstract

“…The topic of defensive deception has bee surveyed in [17], which includes a taxonomy of deception mechanisms and a review of game-theoretic models. Game and decision-theoretic models for deception have been studied in various contexts [12,27], including honeypots [16,18], adversarial machine learning [25,26], moving target defense [8,28], and cyber-physical control systems [15,19,20,29]. In this work, we extend the paradigm of cyber deception to reinforcement learning and establish a theoretical foundation for understanding the impact and the fundamental limits of such adversarial behaviors.…”

Section: Related Workmentioning

confidence: 99%

Deceptive Reinforcement Learning Under Adversarial Manipulations on Cost Signals

Huang

Zhu

2019

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

This paper studies reinforcement learning (RL) under malicious falsification on cost signals and introduces a quantitative framework of attack models to understand the vulnerabilities of RL. Focusing on Q-learning, we show that Q-learning algorithms converge under stealthy attacks and bounded falsifications on cost signals. We characterize the relation between the falsified cost and the Q-factors as well as the policy learned by the learning agent which provides fundamental limits for feasible offensive and defensive moves. We propose a robust region in terms of the cost within which the adversary can never achieve the targeted policy. We provide conditions on the falsified cost which can mislead the agent to learn an adversary's favored policy. A numerical case study of water reservoir control is provided to show the potential hazards of RL in learningbased control systems and corroborate the results.

show abstract

Optimal Timing in Dynamic and Robust Attacker Engagement During Advanced Persistent Threats

Cited by 10 publications

References 15 publications

Modeling observability in adaptive systems to defend against advanced persistent threats

Modeling observability in adaptive systems to defend against advanced persistent threats

Strategic Learning for Active, Adaptive, and Autonomous Cyber Defense

Deceptive Reinforcement Learning Under Adversarial Manipulations on Cost Signals

Contact Info

Product

Resources

About