
Defense Against Advanced Persistent Threats with Expert System for Internet of Things

  • Conference paper
  • Wireless Algorithms, Systems, and Applications (WASA 2017)

Part of the book series: Lecture Notes in Computer Science (LNTCS, volume 10251)

Abstract

This paper analyzes the defense of Internet of Things (IoT) systems against Advanced Persistent Threats (APTs) when APT detection is inaccurate, i.e., both the miss detection rate and the false alarm rate of the detector are taken into account. We formulate an expert system (ES)-based APT detection game in which an expert double-checks the suspicious behavior or potential APT attackers reported by the autonomous, inaccurate APT detection system. We derive the Nash equilibrium of the APT detection game for IoT with ES, which reveals how the accuracy of APT detection affects the utilities of the IoT system and of the attacker. We then propose a Q-learning based APT detection method that lets the IoT system with ES obtain its optimal strategy in the dynamic game without knowledge of the attack model. Simulation results show that the proposed APT detection scheme uses the knowledge of the expert system to improve the defender's utility and raise the security level of the IoT device compared with the benchmark detection scheme.
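The interplay the abstract describes, as an added illustration that is not the paper's model or code: a toy APT-detection game in which a defender that sees only an inaccurate detector's alarms learns, by tabular Q-learning and without knowing the attack model, when to escalate to an expert double-check. Everything in it is an assumption made for the demonstration: the payoff table and its constants, the fixed attack probability (the attacker is a stochastic process here, not the strategic player of the paper's Nash-equilibrium analysis), the assumption that the expert classifies a round correctly, and the names `DetectionGame`, `q_learn`, `greedy_policy`, `policy_value` and `optimal_policy`. The closed-form expectations exist only so the learned policy can be checked against the best response computed from the model the learner never sees.

```python
"""Toy expert-system (ES) APT-detection game solved with tabular Q-learning.

Constructed illustration, not the paper's model or code.  Assumed model:
  * Each round an attacker compromises the IoT device with probability
    attack_prob, which the defender does not know.
  * An inaccurate automatic detector raises an alarm with probability
    1 - miss_rate when attacked and with probability false_alarm_rate when not.
  * The defender sees only the alarm and picks TRUST (act on the detector's
    verdict) or EXPERT (pay a fixed fee for a double-check assumed to be correct).
  * Payoffs: +gain for a caught attack, -loss for a missed one,
    -false_response_cost for remediating a clean device, -expert_cost per
    expert query.  All numbers are made up for the demonstration.
"""
import random

TRUST, EXPERT = 0, 1          # defender actions
NO_ALARM, ALARM = 0, 1        # detector output = learner's state
ACTIONS = (TRUST, EXPERT)
STATES = (NO_ALARM, ALARM)


class DetectionGame:
    def __init__(self, attack_prob, miss_rate, false_alarm_rate, gain=10.0,
                 loss=20.0, false_response_cost=8.0, expert_cost=2.0, seed=0):
        if not (0 < attack_prob < 1 and 0 < miss_rate < 1 and 0 < false_alarm_rate < 1):
            raise ValueError("rates must lie strictly between 0 and 1")
        self.p, self.miss, self.fa = attack_prob, miss_rate, false_alarm_rate
        self.gain, self.loss = gain, loss
        self.false_response_cost, self.expert_cost = false_response_cost, expert_cost
        self.rng = random.Random(seed)

    def observe(self):
        """One round: the true attack flag and the noisy detector output."""
        attacked = self.rng.random() < self.p
        p_alarm = 1 - self.miss if attacked else self.fa
        return attacked, int(self.rng.random() < p_alarm)

    def payoff(self, attacked, alarm, action):
        """Defender utility for one round under the assumed payoff table."""
        if action == EXPERT:   # expert assumed accurate: catches attacks, clears false alarms
            return (self.gain if attacked else 0.0) - self.expert_cost
        if alarm:              # remediate on the detector's word
            return self.gain if attacked else -self.false_response_cost
        return -self.loss if attacked else 0.0

    def state_prob(self, alarm):
        """P(detector output == alarm)."""
        p_alarm = self.p * (1 - self.miss) + (1 - self.p) * self.fa
        return p_alarm if alarm else 1 - p_alarm

    def expected_payoff(self, alarm, action):
        """Closed-form E[payoff | alarm, action] via Bayes; used to check the learner."""
        joint = self.p * ((1 - self.miss) if alarm else self.miss)  # P(attack, alarm)
        p_attack = joint / self.state_prob(alarm)
        return (p_attack * self.payoff(True, alarm, action)
                + (1 - p_attack) * self.payoff(False, alarm, action))


def policy_value(game, policy):
    """Expected per-round utility of a {state: action} policy."""
    return sum(game.state_prob(s) * game.expected_payoff(s, policy[s]) for s in STATES)


def optimal_policy(game):
    """Best response computed from the model (which the defender cannot see)."""
    return {s: max(ACTIONS, key=lambda a: game.expected_payoff(s, a)) for s in STATES}


def q_learn(game, rounds=200_000, alpha=0.002, gamma=0.9, epsilon=0.1):
    """Tabular Q-learning with state = current alarm, action = TRUST/EXPERT.
    The learner never sees attack_prob or the detector's error rates, only the
    alarm stream and realised payoffs.  Because the next alarm does not depend
    on the defender's action in this toy, the discounted future term is common
    to both actions and leaves their ranking unchanged."""
    q = {(s, a): 0.0 for s in STATES for a in ACTIONS}
    attacked, alarm = game.observe()
    for _ in range(rounds):
        if game.rng.random() < epsilon:                       # epsilon-greedy exploration
            action = game.rng.choice(ACTIONS)
        else:
            action = max(ACTIONS, key=lambda a: q[(alarm, a)])
        reward = game.payoff(attacked, alarm, action)
        next_attacked, next_alarm = game.observe()
        target = reward + gamma * max(q[(next_alarm, a)] for a in ACTIONS)
        q[(alarm, action)] += alpha * (target - q[(alarm, action)])
        attacked, alarm = next_attacked, next_alarm
    return q


def greedy_policy(q):
    """Action with the highest learned Q-value in each state."""
    return {s: max(ACTIONS, key=lambda a: q[(s, a)]) for s in STATES}


if __name__ == "__main__":
    # Inaccurate detector (40 % false alarms): escalating alarms to the expert pays.
    noisy = DetectionGame(attack_prob=0.2, miss_rate=0.05, false_alarm_rate=0.4)
    learned = greedy_policy(q_learn(noisy))
    print("noisy detector: learned", learned, "optimal", optimal_policy(noisy))
    print("utility learned %.2f vs always-trust benchmark %.2f"
          % (policy_value(noisy, learned), policy_value(noisy, {NO_ALARM: TRUST, ALARM: TRUST})))
    # Accurate detector (2 % false alarms): the expert fee is not worth paying.
    accurate = DetectionGame(attack_prob=0.2, miss_rate=0.05, false_alarm_rate=0.02)
    print("accurate detector: learned", greedy_policy(q_learn(accurate)))
```

With the sample parameters the escalation decision turns on the posterior probability of attack given the alarm: the expert only pays for itself when false alarms are frequent and costly relative to the expert's fee, and the learner recovers that threshold from payoffs alone. `policy_value` gives the closed-form utility of any policy, so the learned one can be compared with the always-trust benchmark that corresponds to having no expert in the loop.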



Acknowledgments

This work was supported in part by the National Key Research and Development Program of China (2016YFB0800202), Key Research Program of Chinese MIIT under grant No. JCKY2016602B001, National Natural Science Foundation of China under Grants No. U1636120 and 61671396, CCF-Venustech Hongyan Research Initiative (2016-010), and Beijing Municipal Science & Technology Commission Grants No. Z161100002616032.

Author information

Corresponding author

Correspondence to Shichao Lv.


Copyright information

© 2017 Springer International Publishing AG

About this paper

Cite this paper

Hu, Q., Lv, S., Shi, Z., Sun, L., Xiao, L. (2017). Defense Against Advanced Persistent Threats with Expert System for Internet of Things. In: Ma, L., Khreishah, A., Zhang, Y., Yan, M. (eds) Wireless Algorithms, Systems, and Applications. WASA 2017. Lecture Notes in Computer Science, vol 10251. Springer, Cham. https://doi.org/10.1007/978-3-319-60033-8_29

  • DOI: https://doi.org/10.1007/978-3-319-60033-8_29

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-60032-1

  • Online ISBN: 978-3-319-60033-8

  • eBook Packages: Computer Science (R0)
