A Scalable Decomposition Method for the Dynamic Defense of Cyber Networks

Game Theory for Security and Risk Management

Abstract

We investigate the problem of defending a cyber network against progressive attacks from an adversary. The defender is unable to perfectly observe attacks and the network’s security status and instead must use its imperfect observations to determine a defense strategy. The nature of the defender’s imperfect information is assumed to be non-probabilistic. Thus, the defender takes a conservative (minmax) approach to defending the network, attempting to construct a defense policy that minimizes the worst-case damage. Determining an optimal minmax defense strategy proves to be computationally intractable even for small-scale networks. To address this dimensionality issue, we propose a scalable decomposition method which involves the construction of multiple local defense problems, each equipped with a corresponding local defense policy. The local defense policies communicate information with one another with the goal of achieving network-wide security. The local defense problem’s construction is based on a decomposition of the network into clusters. For the decomposition, we use the notion of an influence graph to describe the dependencies among the security states of the network’s nodes. These dependencies, along with the available computational capability, are used to determine clusters of nodes, with each cluster corresponding to a local defense problem. After clusters are specified, we design the information structure of the network, that is, the information each local defense problem has over time to defend its own cluster; this information includes the data the local defense problem gathers from the environment along with the data communicated by other local defense policies. We illustrate the decomposition methodology with an example.

Acknowledgements

This research was partially supported by NSF grant CNS-1238962, ARO MURI grant W911NF-13-1-0421, and ARO grant W911NF-17-1-0232. The authors are grateful to Michael P. Wellman, Hamidreza Tavafoghi, Ouyang Yi, and Ashutosh Nayyar for useful conversations.

Author information

Corresponding author

Correspondence to Demosthenis Teneketzis.

Copyright information

© 2018 Springer International Publishing AG, part of Springer Nature

Cite this chapter

Rasouli, M., Miehling, E., Teneketzis, D. (2018). A Scalable Decomposition Method for the Dynamic Defense of Cyber Networks. In: Rass, S., Schauer, S. (eds) Game Theory for Security and Risk Management. Static & Dynamic Game Theory: Foundations & Applications. Birkhäuser, Cham. https://doi.org/10.1007/978-3-319-75268-6_4
