Using Signaling Games to Model the Multi-step Attack-Defense Scenarios on Confidentiality

  • Jingqiang Lin
  • Peng Liu
  • Jiwu Jing
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7638)


In the multi-step attack-defense scenarios (MSADSs), each rational player (the attacker or the defender) tries to maximize his payoff, but the uncertainty about his opponent prevents him from taking the suitable actions. The defender doesn’t know the attacker’s target list, and may deploy unnecessary but costly defenses to protect machines not in the target list. Similarly, the attacker doesn’t know the deployed protections, and may spend lots of time and effort on a well-protected machine. We develop a repeated two-way signaling game to model the MSADSs on confidentiality, and show how to find the actions maximizing the expected payoffs through the equilibrium. In the proposed model, on receiving each intrusion detection system alert (i.e., a signal), the defender follows the equilibrium to gradually reduce the uncertainty about the attacker’s targets and calculate the defenses maximizing his expected payoff.


Keywords: attack graph, game theory, multi-step attack-defense scenario, signaling game





Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Jingqiang Lin (1)
  • Peng Liu (2)
  • Jiwu Jing (1)
  1. State Key Lab of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China
  2. College of Information Sciences and Technology, Pennsylvania State University, University Park, USA
