Attack-defense game model for advanced persistent threats with asymmetric information

doi:10.11772/j.issn.1001-9081.2017.09.2557

Journal of Computer Applications ›› 2017, Vol. 37 ›› Issue (9): 2557-2562.DOI: 10.11772/j.issn.1001-9081.2017.09.2557

Previous Articles Next Articles

Attack-defense game model for advanced persistent threats with asymmetric information

SUN Wenjun¹, SU Yang^1,2, CAO Zhen¹

1. Key Laboratory of Network & Information Security, University of the People's Armed Police Force, Xi'an Shaanxi 710086, China;
2. Institute of Information Security, University of the People's Armed Police Force, Xi'an Shaanxi 710086, China

Received:2017-03-17 Revised:2017-04-13 Online:2017-09-10 Published:2017-09-13
Supported by:
This work is partially supported by the National Natural Science Foundation of China (61402531), the Natural Science Foundation Research Project of Shaanxi Province (2014JQ8358, 2015JQ6231, 2014JQ8307).

非对称信息条件下APT攻防博弈模型

孙文君¹, 苏旸^1,2, 曹镇¹

1. 武警工程大学网络与信息安全武警部队重点实验室, 西安 710086;
2. 武警工程大学信息安全研究所, 西安 710086

通讯作者: 孙文君,sunwenjun94@163.com
作者简介:孙文君(1994-),男,江西上饶人,硕士研究生,CCF会员,主要研究方向:信息安全、网络攻防;苏旸(1975-),男,陕西西安人,教授,博士,CCF会员,主要研究方向:信息安全、网络攻防;曹镇(1994-),男,山东菏泽人,硕士研究生,主要研究方向:信息安全、信息隐藏。
基金资助:
国家自然科学基金资助项目（61402531）；陕西省自然科学基础研究计划项目（2014JQ8358， 2015JQ6231， 2014JQ8307）。

Abstract

Abstract: To solve the problem of the lack of modeling and analysis of Advanced Persistent Threat (APT) attacks, an attack-defense game model based on FlipIt with asymmetric information was proposed. Firstly, the assets such as targeted hosts in the network system were abstracted as the target resource nodes and the attack-defense scenarios were described as the alternating control of the target nodes. Then, considering the asymmetry of the feedback information observed by the two sides and the incomplete defensive effect, the conditions of the payoff model and the optimal strategy of the attacker and defender were proposed in the case of renewal defense strategy. Besides, theorems of simultaneous and sequential equilibrium were proposed and demonstrated. Finally, numerical illustrations were given to analyze the factors of equilibrium strategy as well as defense payoff and to compare simultaneous and sequential equilibrium. The experimental results show that period strategy is defender's best strategy and the defender can achieve sequential equilibrium meanwhile obtaining more payoffs compared with simultaneous equilibrium by announcing her defense strategy in advance. Conclusions show that the proposed model can theoretically guide defense strategy towards stealthy APT attacks.

Key words: game theory, asymmetric information, network attack, Advanced Persistent Threat (APT), cyber security

摘要： 针对目前缺少对高级持续威胁（APT）攻击理论建模分析的问题，提出了一种基于FlipIt模型的非对称信息条件下的攻防博弈模型。首先，将网络系统中的目标主机等资产抽象为目标资源节点，将攻防场景描述为攻防双方对目标资源的交替控制；然后，考虑到攻防双方在博弈中观察到的反馈信息的不对称性以及防御效果的不彻底性，给出了在防御者采取更新策略时攻防双方的收益模型及最优策略的条件，同时给出并分别证明了达到同步博弈与序贯博弈均衡条件的定理；最后通过数例分析了影响达到均衡时的策略及防御收益的因素，并比较了同步博弈均衡与序贯博弈均衡。结果表明周期策略是防御者的最优策略，并且与同步博弈均衡相比，防御者通过公布其策略达到序贯博弈均衡时的收益更大。实验结果表明所提模型能够在理论上指导应对隐蔽性APT攻击的防御策略。

关键词: 博弈论, 非对称信息, 网络攻击, 高级持续威胁, 网络安全

CLC Number:

TP393.08

SUN Wenjun, SU Yang, CAO Zhen. Attack-defense game model for advanced persistent threats with asymmetric information[J]. Journal of Computer Applications, 2017, 37(9): 2557-2562.

孙文君, 苏旸, 曹镇. 非对称信息条件下APT攻防博弈模型[J]. 计算机应用, 2017, 37(9): 2557-2562.

References

[1] TANKARD C. Advanced persistent threats and how to monitor and deter them[J]. Network Security, 2011, 2011(8):16-19.
[2] 付钰,李洪成,吴晓平,等.基于大数据分析的APT攻击检测研究综述[J].通信学报,2015,36(11):1-14.(FU Y, LI H C, WU X P, et al. Detecting APT attacks:a survey from the perspective of big data analysis[J]. Journal on Communications, 2015, 36(11):1-14.)
[3] RASS S, KÖNIG S, SCHAUER S. Defending against advanced persistent threats using game-theory[J]. Plos One, 2017, 12(1):e0168675.
[4] MANSHAEI M H, ZHU Q, ALPCAN T, et al. Game theory meets network security and privacy[J]. ACM Computing Surveys, 2013, 45(3):Article No. 25.
[5] 姜伟,方滨兴,田志宏,等.基于攻防博弈模型的网络安全测评和最优主动防御[J].计算机学报,2009,32(4):817-827.(JIANG W, FANG B X, TIAN Z H, et al. Evaluating network security and optimal active defense based on attack-defense game model[J]. Chinese Journal of Computers, 2009, 32(4):817-827.)
[6] 林旺群,王慧,刘家红,等.基于非合作动态博弈的网络安全主动防御技术研究[J].计算机研究与发展,2011,48(2):306-316.(LIN W Q, WANG H, LIU J H, et al. Research on active defense technology in network security based on non-cooperative dynamic game theory[J]. Journal of Computer Research and Development, 2011, 48(2):306-316.)
[7] 陈永强,付钰,吴晓平.基于非零和攻防博弈模型的主动防御策略选取方法[J].计算机应用,2013,33(5):1347-1352.(CHEN Y Q, FU Y, WU X P. Active defense strategy selection based on non-zero-sum attack-defense game model[J]. Journal of Computer Applications, 2013, 33(5):1347-1352.)
[8] 张恒巍,余定坤,韩继红,等.基于攻防信号博弈模型的防御策略选取方法[J].通信学报,2016,37(5):51-61.(ZHANG H W, YU D K, HAN J H, et al. Defense policies selection method based on attack-defense signaling game model[J]. Journal on Communications, 2016, 37(5):51-61.)
[9] VAN DIJK M, JUELS A, OPREA A, et al. FlipIt:the game of "stealthy takeover"[J]. Journal of Cryptology, 2013, 26(4):655-713.
[10] BOWERS K D, VAN DIJK M, GRIFFIN R, et al. Defending against the unknown enemy:applying flipIt to system security[C]//International Conference on Decision and Game Theory for Security, LNCS 7638. Berlin:Springer, 2012:248-263.
[11] PHAM V, CID C. Are we compromised? Modelling security assessment games[C]//International Conference on Decision and Game Theory for Security, LNCS 7638. Berlin:Springer, 2012:234-247.
[12] LASZKA A, HORVATH G, FELEGYHAZI M, et al. FlipThem:modeling targeted attacks with flipIt for multiple resources[C]//International Conference on Decision and Game Theory for Security, LNCS 8840. Berlin:Springer, 2014:175-194.
[13] ZHANG M, ZHENG Z Z, SHROFF N B. Stealthy attacks and observable defenses:a game theoretic model under strict resource constraints[C]//Proceedings of the 2014 IEEE Global Conference on Signal and Information Processing. Piscataway, NJ:IEEE, 2014:813-817.
[14] FENG X, ZHENG Z, HU P, et al. Stealthy attacks meets insider threats:a three-player game model[C]//Proceedings of the 2015 IEEE Military Communications Conference. Piscataway, NJ:IEEE, 2015:25-30.
[15] FENG X, ZHENG Z, CANSEVER D, et al. Stealthy attacks with insider information:a game theoretic model with asymmetric feedback[EB/OL].[2016-11-22]. http://spirit.cs.ucdavis.edu/pubs/conf/xiaotao-milcom16.pdf.
[16] FARHANG S, GROSSKLAGS J. FlipLeakage:a game-theoretic approach to protect against stealthy attackers in the presence of information leakage[C]//International Conference on Decision and Game Theory for Security, LNCS 9996. Berlin:Springer, 2016:195-214.
[17] 黄康宇,徐伟光.移动目标防御时间博弈相关研究介绍[J].军事通信技术,2016,37(4):98-102.(HUANG K Y, XU W G. Games of timing in moving target defense[J]. Journal of Military Communications Technology, 2016, 37(4):98-102.)

Attack-defense game model for advanced persistent threats with asymmetric information

非对称信息条件下APT攻防博弈模型

PDF

Knowledge

Abstract

Cite this article

share this article

References

Related Articles 15

Recommended Articles

Metrics

[1]	WANG Yijie, FAN Jiafei, WANG Chenyu. Two-stage task offloading strategy based on game theory in cloud-edge environment [J]. Journal of Computer Applications, 2021, 41(5): 1392-1398.
[2]	MAO Yingchi, XU Xuesong, LIU Pengfei. Multi-user task offloading strategy based on stable allocation [J]. Journal of Computer Applications, 2021, 41(3): 786-793.
[3]	ZHANG Shuyao, LI Yonghua, FAN Jiajia. Bulk storage assignment algorithm in bulk port based on game theory [J]. Journal of Computer Applications, 2021, 41(3): 867-874.
[4]	Ying LEI, Wanbo ZHENG, Wei WEI, Yunni XIA, Xiaobo LI, Chengwu LIU, Hong XIE. Task offloading method based on probabilistic performance awareness and evolutionary game strategy in “cloud + edge” hybrid environment [J]. Journal of Computer Applications, 2021, 41(11): 3302-3308.
[5]	ZHENG Yanbin, FAN Wenxin, HAN Mengyun, TAO Xueli. Multi-agent collaborative pursuit algorithm based on game theory and Q-learning [J]. Journal of Computer Applications, 2020, 40(6): 1613-1620.
[6]	FAN Jiajia, LIU Hongxing, LI Yonghua, YANG Lijin. Collaborative routing method for operation vehicle in inland port based on game theory [J]. Journal of Computer Applications, 2020, 40(1): 50-55.
[7]	ZHOU Aiping, ZHU Chengang. Detection method for network-wide persistent flow based on sketch data structure [J]. Journal of Computer Applications, 2019, 39(8): 2354-2358.
[8]	ZHENG Yanbin, WANG Linlin, XI Pengxue, FAN Wenxin, HAN Mengyun. Multi-Agent path planning algorithm based on ant colony algorithm and game theory [J]. Journal of Computer Applications, 2019, 39(3): 681-687.
[9]	ZHANG Wei, SU Yang, CHEN Wenwu. Dual game model of advanced persistent threat attack for distributed network structure [J]. Journal of Computer Applications, 2018, 38(5): 1366-1371.
[10]	LIU Yazhou, WANG Jing, PAN Xiaozhong, FU Wei. Evolutionary game considering node degree in social network [J]. Journal of Computer Applications, 2018, 38(4): 1029-1035.
[11]	FAN Zifu, ZHOU Kaiheng, YAO Jie. Game theory based SDN master controller reselection mechanism [J]. Journal of Computer Applications, 2018, 38(3): 776-779.
[12]	ZHANG Chuanhao, GU Xuehui, MENG Caixia. Anti-sniffering attack method based on software defined network [J]. Journal of Computer Applications, 2018, 38(11): 3258-3262.
[13]	CHEN Hao, WU Qiwu, LI Fang, JIANG Lingzhi. Hierarchical PCE-based and bimatrix game-based multicast dedicated protection algorithm in multi-domain optical network under static state [J]. Journal of Computer Applications, 2018, 38(11): 3299-3304.
[14]	WU Ruohao, DONG Ping, ZHENG Tao. Malicious scanning protection technology based on OpenDayLight [J]. Journal of Computer Applications, 2018, 38(1): 188-193.
[15]	TAN Ren, YIN Xiaochuan, LIAN Zhe, CHEN Yuxin. Hierarchical representation model of APT attack [J]. Journal of Computer Applications, 2017, 37(9): 2551-2556.