Advertisement

Optimal Inspection Plans

  • Stefan Rass
  • Stefan Schauer
  • Sandra König
  • Quanyan Zhu
Chapter
  • 36 Downloads
Part of the Advanced Sciences and Technologies for Security Applications book series (ASTSA)

Abstract

In this chapter, we consider games for the computation of optimal strategies of how, how often, and when to inspect along a production line, or general industrial process. We review basic concepts of statistical tests, conducted whenever the defender chooses its action to “inspect”, and to understand cheating strategies for the adversary trying to escape detection along the statistical test. This non-detection game is then embedded into an outer sequential game over several stages of inspection, accounting for limited resources and possibilities of the defender to check repeatedly. We also consider inspections as a defense pattern against advanced persistent threat (APT), with two models suitable for two distinct type of APTs: the FlipIt game is discussed as a model when the APT’s goal is to gain longest possible control over an infrastructure, without wishing to damage or destroy it permanently. Complementary to this is the Cut-The-Rope game about defending against an APT whose goal is hitting a vital asset and to destroy or at least permanently damage a critical infrastructure.

References

  1. 1.
    Avenhaus R, von Stengel B, Zamir S (2002) Inspection games: 51. In: Aumann RJ, Hart S (eds) Handbook of game theory with economic applications, vol 3. Elsevier, Amsterdam, pp 1947–1987Google Scholar
  2. 2.
    Benford F (1938) The law of anomalous numbers. Proc Am Philos Soc 78(4):551–572zbMATHGoogle Scholar
  3. 3.
    CyVision CAULDRON (2018) http://www.benvenisti.net/
  4. 4.
    Dijk M, Juels A, Oprea A, Rivest RL (2013) FlipIt: the game of stealthy takeover. J Cryptol 26(4):655–713. https://doi.org/10.1007/s00145-012-9134-5 MathSciNetCrossRefGoogle Scholar
  5. 5.
    Jajodia S, Ghosh AK, Subrahmanian VS, Swarup V, Wang C, Wang XS (eds) (2013) Moving target defense II – application of game theory and adversarial modeling. Advances in information security, vol 100. Springer. http://dx.doi.org/10.1007/978-1-4614-5416-8
  6. 6.
    Jajodia S, Ghosh AK, Swarup V, Wang C, Wang XS (eds) (2011) Moving target defense – creating asymmetric uncertainty for cyber threats. Advances in information security, vol 54. Springer. http://dx.doi.org/10.1007/978-1-4614-0977-9
  7. 7.
    Jajodia S, Noel S, O’Berry B (2005) Topological analysis of network attack vulnerability. In: Kumar V., Srivastava J., Lazarevic A. (eds) Managing Cyber Threats. Massive Computing, vol 5. Springer, Boston, MAGoogle Scholar
  8. 8.
    König S, Gouglidis A, Green B, Solar A (2018) Assessing the impact of malware attacks in utility networks, pp 335–351. Springer International Publishing, Cham. https://doi.org/10.1007/978-3-319-75268-6_14
  9. 9.
    Lehmann EL, Romano JP (2005) Testing statistical hypotheses. Springer texts in statistics, 3rd edn. Springer, New YorkGoogle Scholar
  10. 10.
    Neyman J, Pearson ES (1933) On the problem of the most efficient tests of statistical hypotheses. Philos Trans R Soc A Math Phys Eng Sci 231(694–706):289–337.  https://doi.org/10.1098/rsta.1933.0009 zbMATHGoogle Scholar
  11. 11.
    Nigrini MJ (2002) The detection of income tax evasion through an analysis of digital distributions. Ph.D. thesis, University of CincinnatiGoogle Scholar
  12. 12.
    R Core Team: R (2018) A language and environment for statistical computing. R Foundation for Statistical Computing, Vienna. https://www.R-project.org/
  13. 13.
    Rass S, König S, Panaousis E (2019) Cut-The-Rope: a game of stealthy intrusion. In: Alpcan T, Vorobeychik Y, Baras JS, Dán G (eds) Decision and game theory for security. Springer International Publishing, Cham, pp 404–416CrossRefGoogle Scholar
  14. 14.
    Rass S, Konig S, Schauer S (2017) Defending against advanced persistent threats using game-theory. PLoS ONE 12(1):e0168675.  https://doi.org/10.1371/journal.pone.0168675 CrossRefGoogle Scholar
  15. 15.
    Siddiqi N (2017) Intelligent credit scoring: building and implementing better credit risk scorecards, 2nd edn. Wiley, HobokenCrossRefGoogle Scholar
  16. 16.
    Singhal A, Ou X (2011) Security risk analysis of enterprise networks using probabilistic attack graphs. Technical report, National Institute of Standards and Technology (NIST). NIST Interagency Report 7788Google Scholar

Copyright information

© Springer Nature Switzerland AG 2020

Authors and Affiliations

  1. 1.Universitaet KlagenfurtKlagenfurtAustria
  2. 2.Austrian Institute of Technology GmbHWienAustria
  3. 3.Tandon School of EngineeringNew York UniversityBrooklynUSA

Personalised recommendations