Security defense against long-term and stealthy cyberattacks

Han, Kookyoung; Choi, Jin Hyuk; Choi, Yunsik; Lee, Gene Moo; Whinston, Andrew B.

doi:10.1016/j.dss.2022.113912

Cited by 3 publications

(4 citation statements)

References 48 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Second, we evaluate obtained strategies on an emulated IT infrastructure. This contrasts with most of the prior works that use game-theoretic approaches, which either evaluate strategies analytically or in simulation [8], [11], [57], [58], [74]- [76], [79], [81], [120]- [132], [161].…”

Section: A Game-theoretic Modeling In Network Securitymentioning

confidence: 89%

“…The game is modeled in different ways depending on the use case. Examples from the literature include: advanced persistent threat games [57], [74]- [76], [121], [122], [161], honeypot placement games [125]- [127], resource allocation games [41], [162], authentication games [8], distributed denial-of-service games [128], [133], situational awareness games [163], [164], moving target defense games [120], [165], jamming games [81], and intrusion response games [11], [31], [48], [53], [58], [79], [80], [124], [129]- [132], [134]. These games are formulated using various models from the game-theoretic literature.…”

Section: A Game-theoretic Modeling In Network Securitymentioning

confidence: 99%

See 1 more Smart Citation

Learning Near-Optimal Intrusion Responses Against Dynamic Attackers

Hammar

Stadler

2024

IEEE Trans. Netw. Serv. Manage.

View full text Add to dashboard Cite

We study automated intrusion response and formulate the interaction between an attacker and a defender as an optimal stopping game where attack and defense strategies evolve through reinforcement learning and self-play. The gametheoretic modeling enables us to find defender strategies that are effective against a dynamic attacker, i.e. an attacker that adapts its strategy in response to the defender strategy. Further, the optimal stopping formulation allows us to prove that best response strategies have threshold properties. To obtain nearoptimal defender strategies, we develop Threshold Fictitious Self-Play (T-FP), a fictitious self-play algorithm that learns Nash equilibria through stochastic approximation. We show that T-FP outperforms a state-of-the-art algorithm for our use case. The experimental part of this investigation includes two systems: a simulation system where defender strategies are incrementally learned and an emulation system where statistics are collected that drive simulation runs and where learned strategies are evaluated. We argue that this approach can produce effective defender strategies for a practical IT infrastructure.

show abstract

Section: A Game-theoretic Modeling In Network Securitymentioning

confidence: 89%

Section: A Game-theoretic Modeling In Network Securitymentioning

confidence: 99%

Learning Near-Optimal Intrusion Responses Against Dynamic Attackers

Hammar

Stadler

2024

IEEE Trans. Netw. Serv. Manage.

View full text Add to dashboard Cite

show abstract

“…Second, we evaluate obtained strategies on an emulated IT infrastructure. This contrasts with most of the prior works that use game-theoretic approaches, which either evaluate strategies analytically or in simulation [8], [10], [54], [66]- [68], [71], [72], [107]- [119], [150].…”

Section: A Game-theoretic Modeling In Network Securitymentioning

confidence: 91%

“…The game is modeled in different ways depending on the use case. Examples from the literature include: advanced persistent threat games [54], [66]- [68], [71], [108], [109], [150], honeypot placement games [112]- [114], resource allocation games [38], [151], authentication games [8], distributed denial-of-service games [115], [120], situational awareness games [152], [153], moving target defense games [107], [154], and intrusion response games [10], [28], [45], [50], [72], [111], [116]- [119], [121]. These games are formulated using various models from the gametheoretic literature.…”

Section: A Game-theoretic Modeling In Network Securitymentioning

confidence: 99%

Learning Near-Optimal Intrusion Responses Against Dynamic Attackers

Hammar¹,

Stadler²

2023

Preprint

View full text Add to dashboard Cite

We study automated intrusion response and formulate the interaction between an attacker and a defender as an optimal stopping game where attack and defense strategies evolve through reinforcement learning and self-play. The gametheoretic modeling enables us to find defender strategies that are effective against a dynamic attacker, i.e. an attacker that adapts its strategy in response to the defender strategy. Further, the optimal stopping formulation allows us to prove that optimal strategies have threshold properties. To obtain nearoptimal defender strategies, we develop Threshold Fictitious Self-Play (T-FP), a fictitious self-play algorithm that learns Nash equilibria through stochastic approximation. We show that T-FP outperforms a state-of-the-art algorithm for our use case. The experimental part of this investigation includes two systems: a simulation system where defender strategies are incrementally learned and an emulation system where statistics are collected that drive simulation runs and where learned strategies are evaluated. We argue that this approach can produce effective defender strategies for a practical IT infrastructure.

show abstract