Security Metric Methods for Network Multistep Attacks Using AMC and Big Data Correlation Analysis

Hu, Hao; Liu, Yuling; Zhang, Hongqi; Zhang, Yuchen

doi:10.1155/2018/5787102

Cited by 18 publications

(14 citation statements)

References 19 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…They then converted the potential threats to a certain level of risk to measure the overall security. Hu et al [52] employed an absorbing Markov chain (AMC) to estimate the network security in combination with the big data correlation analysis technique. Wu et al [53] proposed a security situational awareness mechanism based on the analysis of big data in the smart grid.…”

Section: B Efficient Policy Selectionmentioning

confidence: 99%

Efficient Strategy Selection for Moving Target Defense Under Multiple Attacks

et al. 2019

View full text Add to dashboard Cite

In a real network environment, multiple types of attacks can occur. The more important the service or network, the more attacks it may suffer simultaneously. Moving target defense (MTD) technology is a revolutionary game-changing cyberspace technology that has found various applications in recent years. However, the existing strategies are targeted at defending against specific types of attacks and do not meet the security requirements for multiple attacks. Therefore, we propose a joint defense strategy based on the MTD that can select one or multiple mutant elements to defend against different types of attacks. In addition, we use the analytic hierarchy process (AHP) to quantify the factors affecting the attack and defense costs. After comprehensively analyzing the effects of the different MTD technologies against different attacks, we propose an efficient strategy selection algorithm based on joint defense. Finally, we conduct experiments to evaluate the selection of a joint defense strategy under multiple attacks. The experimental results demonstrate the feasibility and effectiveness of the proposed joint defense strategy selection approach. INDEX TERMS Moving target defense, efficient defensive strategy selection, multiple attack, joint defense, genetic algorithm.

show abstract

Section: B Efficient Policy Selectionmentioning

confidence: 99%

Efficient Strategy Selection for Moving Target Defense Under Multiple Attacks

et al. 2019

View full text Add to dashboard Cite

show abstract

“…Network state and attack-defense action are important components of stochastic game model. Extraction of network state and attack-defense action is a key point in constructing attack-defense stochastic game model [21]. In the current attack-defense stochastic game, when describing the network state, each network state contains the security elements of all nodes in the current network.…”

Section: Network State and Attack-defense Action Extractionmentioning

confidence: 99%

Optimal Decision-Making Approach for Cyber Security Defense Using Game Theory and Intelligent Learning

Zhang

Liu

2019

Security and Communication Networks

Self Cite

View full text Add to dashboard Cite

Existing approaches of cyber attack-defense analysis based on stochastic game adopts the assumption of complete rationality, but in the actual cyber attack-defense, it is difficult for both sides of attacker and defender to meet the high requirement of complete rationality. For this aim, the influence of bounded rationality on attack-defense stochastic game is analyzed. We construct a stochastic game model. Aiming at the problem of state explosion when the number of network nodes increases, we design the attack-defense graph to compress the state space and extract network states and defense strategies. On this basis, the intelligent learning algorithm WoLF-PHC is introduced to carry out strategy learning and improvement. Then, the defense decision-making algorithm with online learning ability is designed, which helps to select the optimal defense strategy with the maximum payoff from the candidate strategy set. The obtained strategy is superior to previous evolutionary equilibrium strategy because it does not rely on prior data. By introducing eligibility trace to improve WoLF-PHC, the learning speed is further improved and the defense timeliness is significantly promoted.

show abstract

“…e purpose of the attack graph [1][2][3][4][5] is to analyze the attack-defense actions of the network through nodes and edges in the graph. Attribute attack graph regards the condition or attribute of the network as a node in the attack graph.…”

Section: Introductionmentioning

confidence: 99%

“…Steps (1)-(4) are repeated until the attack-defense reaches a balance state at time t + k e network state transition during the attack process is shown inFigure 1(b).…”

mentioning

confidence: 99%

Efficient Defense Decision-Making Approach for Multistep Attacks Based on the Attack Graph and Game Theory

Liu

Zhang

et al. 2020

Mathematical Problems in Engineering

Self Cite

View full text Add to dashboard Cite

In the multistep attack scenario, each rational attack-defense player tries to maximize his payoff, but the uncertainty about his adversary prevents him from taking the favorable actions. How to select the best strategy from the candidate strategies to maximize the defense payoff becomes the core issue. For this purpose, the paper innovatively designs a game theory model from the point of network survivability in combination with the attribute attack graph. The attack graph is created based on the network connectivity and known vulnerabilities using the MulVAL toolkit, which gives the full view of all the known vulnerabilities and their interdependence. Then, we use the attack graph to extract attack-defense actions, candidate attack-defense strategies, attack-defense payoffs, and network states, as well as other game modeling elements. Afterwards, the payoffs of attack-defense strategies are quantified by integrating attack-defense strength and network survivability. In addition, we input the above elements into the game model. Through repeated learning, deduction, and improvement, we can optimize the layout of defense strategies. Finally, the efficient strategy selection approach is designed on the tradeoff between defense cost and benefit. The simulation of attack-defense confrontation in small-scale LAN shows that the proposed approach is reliable and effective.

show abstract

Security Metric Methods for Network Multistep Attacks Using AMC and Big Data Correlation Analysis

Cited by 18 publications

References 19 publications

Efficient Strategy Selection for Moving Target Defense Under Multiple Attacks

Efficient Strategy Selection for Moving Target Defense Under Multiple Attacks

Optimal Decision-Making Approach for Cyber Security Defense Using Game Theory and Intelligent Learning

Efficient Defense Decision-Making Approach for Multistep Attacks Based on the Attack Graph and Game Theory

Contact Info

Product

Resources

About