Fall 2016 Research: Week 2
Ref #1:
Chung, Keywhan, Charles A. Kamhoua, Kevin A. Kwiat, Zbigniew T. Kalbarczyk, and Ravishankar K. Iyer. "Game Theory with Learning for Cyber Security Monitoring." 2016 IEEE 17th International Symposium on High Assurance Systems Engineering (HASE) (2016): 1-8. IEEE Xplore. Web. 15 Sept. 2016.
Contributions:
• Motivates the approach through a study of real incidents. From an analysis of the Target data breach and earlier work on security incidents, we show the need for automation in incident response.
• Models the battle of an attacker and a defender as a security game. Using real incident data from the National Center of Supercomputing Applications (NCSA), we derive an attack model that reflects both the attacker’s and defender’s perspective, and we use the model to formulate a security game. In terms of a security game, this model represents the worst case where the attacker can perform all attacks shown in the dataset.
• Presents an experimental result showing the possibility of applying Naive Q-Learning for effectively learning the opponent’s behavior and making a proper decision. Comparing the performance of different decision-making algorithms, we present simulation results that show Naive Q-Learning performing better than algorithms with restricted assumptions, especially against irrational attackers.
Attacker: The attacker is an opponent who accesses the system with the intention of threatening its security. Attacks can vary from a single action to a sequence of activities. In this paper, we limit our interest to attacks that consist of multiple activities that lead to an ultimate goal.
Defender: The defender is a party that is in charge of making proper responses to secure the system from malicious attacks. The defender has a set of monitors to protect the system. The main objective of this player is to make proper responses in a preemptive manner based on a limited view of the system status, relying on monitors.
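To make the attacker/defender game and the Naive Q-Learning result concrete, here is a constructed toy version of the setting described above. It is an added example, not code from the paper or from the NCSA dataset: the observations, attack steps, responses, payoffs and the attacker's mixed strategy are all invented for illustration. The defender only sees a coarse monitor observation (the "limited view" above), never the attack itself, and learns purely from reward with no model of the attacker; the attacker here follows a fixed, possibly irrational mixed strategy, whereas the paper's opponent is adaptive.

```python
"""
Constructed toy security game with a naive Q-learning defender.

Each round: monitors emit an observation, the attacker picks an attack
step (conditioned on the same observation), and the defender picks a
response. The defender is rewarded only for whether the response
countered the attack. All names, probabilities and payoffs are made up.
"""
import random

# Monitor observations the defender can condition on (constructed).
OBSERVATIONS = ["scan_alert", "login_anomaly"]
# Attacker's next step (constructed); the defender never observes this directly.
ATTACKS = ["exploit_service", "brute_force_accounts", "exfiltrate_data"]
# Defender responses, indexed so that response i counters attack i.
RESPONSES = ["patch_and_block_service", "lock_accounts", "cut_egress"]

# Attacker's fixed (deliberately lopsided, i.e. "irrational") mixed strategy:
# P(attack | observation). Rows sum to 1. Constructed values.
ATTACKER_STRATEGY = {
    "scan_alert":    [0.7, 0.2, 0.1],
    "login_anomaly": [0.2, 0.1, 0.7],
}


def defender_payoff(attack, response):
    """+1 when the response counters the attack, -1 otherwise."""
    return 1.0 if attack == response else -1.0


def train_defender(rounds=20000, alpha=0.05, epsilon=0.2, seed=1):
    """Naive Q-learning over (observation, response) pairs.

    No model of the attacker is built; Q values are running estimates of
    the defender's expected payoff for each response under each observation.
    Returns the learned Q table as {observation: [q per response]}.
    """
    rng = random.Random(seed)
    q = {obs: [0.0] * len(RESPONSES) for obs in OBSERVATIONS}
    for _ in range(rounds):
        obs = rng.choice(OBSERVATIONS)
        attack = rng.choices(range(len(ATTACKS)), weights=ATTACKER_STRATEGY[obs])[0]
        # Epsilon-greedy: mostly exploit the current estimate, sometimes explore.
        if rng.random() < epsilon:
            response = rng.randrange(len(RESPONSES))
        else:
            response = max(range(len(RESPONSES)), key=lambda a: q[obs][a])
        reward = defender_payoff(attack, response)
        # One-step game, so no discounted next-state term: Q <- Q + alpha*(r - Q).
        q[obs][response] += alpha * (reward - q[obs][response])
    return q


def best_response(q):
    """Greedy policy: index of the highest-Q response for each observation."""
    return {obs: max(range(len(RESPONSES)), key=lambda a: q[obs][a])
            for obs in OBSERVATIONS}


def expected_payoffs():
    """Ground truth the learner should approach: E[payoff | obs, response]."""
    out = {}
    for obs in OBSERVATIONS:
        p = ATTACKER_STRATEGY[obs]
        out[obs] = [sum(p[k] * defender_payoff(k, a) for k in range(len(ATTACKS)))
                    for a in range(len(RESPONSES))]
    return out


if __name__ == "__main__":
    q = train_defender()
    for obs in OBSERVATIONS:
        print(obs, "learned:", [round(v, 2) for v in q[obs]],
              "expected:", [round(v, 2) for v in expected_payoffs()[obs]])
    print("greedy policy:", {o: RESPONSES[a] for o, a in best_response(q).items()})
```

The learned Q values should settle near the expected payoffs (for `scan_alert` the defender's best response is to counter the most likely attack, which is exactly the behaviour the paper attributes to Q-learning against an irrational attacker). Because the attacker here is stationary, convergence is straightforward; with an adaptive attacker the stationarity assumption breaks and the learning rate and exploration schedule matter much more.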
Ref #2:
Compte, Alexis Le, David Elizondo, and Tim Watson. "A Renewed Approach to Serious Games for Cyber Security." 2015 7th International Conference on Cyber Conflict: Architectures in Cyberspace (2015): 203-16. IEEE Xplore. Web. 15 Sept. 2016.
To this end, a framework for designing serious games which are aimed at raising an awareness of cyber security to those with little or no knowledge of the subject is presented. The framework, based upon existing frameworks and methodologies, is also accompanied with a set of cyber security skills, itself based upon content extracted from government sponsored awareness campaigns, and a method of integrating these skills into the framework. Finally, future research will be conducted to refine the framework and to improve the set of cyber security related skills in order to suit a larger range of players. A proof of concept will also be designed in order to collect empirical data and to validate the effectiveness of the framework.
Serious Game: “a mental contest, played with a computer in accordance with specific rules, that uses entertainment to further government or corporate training, education, health, public policy, and strategic communication objectives”
CyberCIEGE: a game that offers a realistic virtual world in which players have to operate and defend a computer network. From a pedagogic point of view, the game encompasses seven fundamental cyber security related topics. The game has also been the object of many academic publications and has shown good pedagogic benefits.
Also see: CyberNEXS
*Most games are simulation-based
Ref #3:
Gupta, Abhishek, Cedric Langbort, and Tamer Basar. "Dynamic Games with Asymmetric Information and Resource Constrained Players with Applications to Security of Cyber-Physical Systems." IEEE Transactions on Control of Network Systems (2016): 1-10. IEEE Xplore. Web. 16 Sept. 2016.
Models attacks on a cyber-physical system as a game between two players: the attacker and the system. The players may not acquire complete information about each other, which leads to an asymmetric information game. Furthermore, the players may have a certain fixed amount of resources, which constrains their strategies across time. The paper considers a dynamic multi-player non-zero-sum game with asymmetric information in which controllers have total resource constraints. Under certain assumptions on the information structure of the game, it devises an algorithm that computes a subclass of Nash equilibria of the game. It then studies a denial-of-service attack on a cyber-physical system, models it as a two-player zero-sum game, and applies the algorithm to compute the saddle-point equilibrium strategies of the attacker and the controller.