Analysis of Network Attack and Defense Strategies Based on Pareto Optimum
Abstract
1. Introduction
1.1. Introduction
1.2. Related Works
1.3. Article Structure
2. Game Model Based on Pareto Optimum
2.1. Network Definition
2.1.1. Vertices Definition
2.1.2. Edges Definition
2.2. Players and Strategies
2.2.1. Defender’s Strategies
2.2.2. Attacker’s Strategies
2.3. Goals of Game
2.3.1. Network Failure Rate
2.3.2. Cost of Defender and Attacker
2.4. Pareto Optimization
2.5. Defender Optimization
2.6. Model Limitations
3. Implementation
4. Experiment Results Analysis
4.1. Graph Instance
4.2. Strategies Instance
4.3. Pareto Optimization Process
- (0.217, −6) is dominated by (0.415, 28), (0.242, 36) and (0.337, 36) => not in the Pareto front.
- (0.415, 28) is not dominated by any point => is in the Pareto front.
- (0.139, 18) is dominated by (0.415, 28), (0.242, 36) and (0.337, 36) => not in the Pareto front.
- (0.242, 36) is dominated by (0.337, 36) => not in the Pareto front.
- (0.337, 36) is not dominated by any point => is in the Pareto front.
- (0.415, 28) is dominated by (0.203, −6).
- (0.337, 36) is dominated by (0.203, −6).
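The dominance checks listed above can be reproduced mechanically. The following is an added example, not code from the article: it takes the Sdefense = 2 and Sdefense = 4 rows of the article's outcome table and assumes, as inferred from the dominance statements in the list, that the attacker maximizes both objectives while the defender minimizes both, and that (0.203, −6) is the Sattack = 1, Sdefense = 4 outcome.

```python
# Outcomes (f1, f2) keyed by defense strategy, then attack strategy.
# Values copied from the article's outcome table for Sdefense = 2 and 4.
OUTCOMES = {
    2: {1: (0.217027, -6), 2: (0.414527, 28), 3: (0.138739, 18),
        4: (0.24226, 36), 5: (0.33678, 36)},
    4: {1: (0.202966, -6), 2: (0.194094, 28), 3: (0.159428, 18),
        4: (0.140303, 36), 5: (0.183784, 36)},
}


def dominates(p, q, maximize=True):
    """True if p is at least as good as q in every objective and
    strictly better in at least one. Direction is an assumption:
    maximize for the attacker, minimize for the defender."""
    if not maximize:
        p, q = tuple(-x for x in p), tuple(-x for x in q)
    return (all(a >= b for a, b in zip(p, q))
            and any(a > b for a, b in zip(p, q)))


def dominators(defense, attack):
    """Attack strategies whose outcome dominates `attack` under `defense`."""
    pts = OUTCOMES[defense]
    return sorted(b for b, q in pts.items()
                  if b != attack and dominates(q, pts[attack]))


def attacker_front(defense):
    """Attack strategies on the attacker's Pareto front for one defense."""
    return sorted(a for a in OUTCOMES[defense] if not dominators(defense, a))


def front_dominated_by(defense, point):
    """Defender's view: does `point` dominate every outcome on the
    attacker's front of `defense` when both objectives are minimized?"""
    return all(dominates(point, OUTCOMES[defense][a], maximize=False)
               for a in attacker_front(defense))


if __name__ == "__main__":
    for a in OUTCOMES[2]:
        print(a, OUTCOMES[2][a], "dominated by attacks", dominators(2, a))
    print("front for Sdefense=2:", attacker_front(2))
    print("dominated by Sdefense=4, Sattack=1:",
          front_dominated_by(2, OUTCOMES[4][1]))
```
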
4.4. Comparison to Nash Equilibrium
5. Discussion
6. Conclusions
Author Contributions
Conflicts of Interest
Name | Description | Strategy |
---|---|---|
Sdefense(1) | High connections everywhere | +10, +80, +50, …, +80, +60, +80 |
Sdefense(2) | Low connections everywhere | −80, −10, −40, …, −10, −30, −10 |
Sdefense(3) | Med connections everywhere | −50, +20, −10, …, +20, 0, +20 |
Sdefense(4) | High server, Med clients | +40, +30, 0, …, +30, +10, +30 |
Sdefense(5) | No connections to vulnerable devices | −110, −40, −70, …, 0, −60, −40 |
Name | Description | Strategy |
---|---|---|
Sattack(1) | Strong server attack, strong client attack | 110:(1,2), 40:(3,5,6), 60:(1,6,2) |
Sattack(2) | Strong client attack, long attack chain | 40:(3,4,5,6,1,2), 60:(6,4,1) |
Sattack(3) | Strong server attack, long attack chain | 30:(3,4,5,6,1,2), 120:(1,2) |
Sattack(4) | Weak server attack, weak client attack | 80:(1,2,4), 40:(6,5,1) |
Sattack(5) | All attacks from one device | 50:(1,6,2,3), 50:(1,4,6,5) |
Sattack | Sdefense | fa,d(1) | fa,d(2) | Sattack | Sdefense | fa,d(1) | fa,d(2) |
---|---|---|---|---|---|---|---|
1 | 1 | 0.230927 | 664 | 4 | 3 | 0.232278 | −54 |
2 | 1 | 0.22626 | 698 | 5 | 3 | 0.330647 | −54 |
3 | 1 | 0.205723 | 688 | 1 | 4 | 0.202966 | −6 |
4 | 1 | 0.19896 | 706 | 2 | 4 | 0.194094 | 28 |
5 | 1 | 0.221122 | 706 | 3 | 4 | 0.159428 | 18 |
1 | 2 | 0.217027 | −6 | 4 | 4 | 0.140303 | 36 |
2 | 2 | 0.414527 | 28 | 5 | 4 | 0.183784 | 36 |
3 | 2 | 0.138739 | 18 | 1 | 5 | 0.451892 | 294 |
4 | 2 | 0.24226 | 36 | 2 | 5 | 0.358722 | 328 |
5 | 2 | 0.33678 | 36 | 3 | 5 | 0.494595 | 318 |
1 | 3 | 0.261064 | −96 | 4 | 5 | 0.601351 | 336 |
2 | 3 | 0.339981 | −62 | 5 | 5 | 0.451892 | 336 |
3 | 3 | 0.188249 | −72 | | | | |
Sattack | Sdefense | u(fa,d) | Sattack | Sdefense | u(fa,d) |
---|---|---|---|---|---|
1 | 1 | 0.968 | 4 | 3 | 0.209 |
2 | 1 | 1.008 | 5 | 3 | 0.418 |
3 | 1 | 0.988 | 1 | 4 | 0.179 |
4 | 1 | 1.008 | 2 | 4 | 0.196 |
5 | 1 | 1.016 | 3 | 4 | 0.149 |
1 | 2 | 0.203 | 4 | 4 | 0.165 |
2 | 2 | 0.616 | 5 | 4 | 0.264 |
3 | 2 | 0.142 | 1 | 5 | 0.191 |
4 | 2 | 0.278 | 2 | 5 | 0.833 |
5 | 2 | 0.459 | 3 | 5 | 0.711 |
1 | 3 | 0.264 | 4 | 5 | 0.926 |
2 | 3 | 0.437 | 5 | 5 | 1.136 |
3 | 3 | 0.111 | | | |
Network Configurations | |
---|---|
Number of nodes | 20–50 |
Number of attack options | 12 |
Number of defense options | 12 |
Node capture costs | 50–100 |
Link fail rate | 0.00–0.15 |
Alpha | 0.75–1.00 |
Beta | 0.35–0.60 |
Network Results | |
---|---|
Number of configurations | 1000 |
Average duration Pareto | 1.93 ms |
Average duration Minimax | 1.91 ms |
Average difference between Pareto solutions and Nash Equilibrium | 0.0027 |
Pareto solutions include Nash Equilibrium | 38.3% |
© 2018 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (http://creativecommons.org/licenses/by/4.0/).
Sun, Y.; Xiong, W.; Yao, Z.; Moniz, K.; Zahir, A. Analysis of Network Attack and Defense Strategies Based on Pareto Optimum. Electronics 2018, 7, 36. https://doi.org/10.3390/electronics7030036