Game theoretic approach applied in cybersecurity information exchange framework
Pages 1 - 7
Abstract
In the CYBersecurity information EXchange (CYBEX) framework, Cyber Threat Intelligence (CTI) is shared among multiple organizations with a view to creating situational awareness. However, malicious organizations may coexist with regular ones in this framework, obtain the threat data shared by other organizations, and use it to carry out malicious activities. We formulate this problem as an incomplete information game, assuming that whenever CYBEX receives any information, it processes the information for anomaly detection. We find the mixed strategy Nash equilibrium probabilities and the corresponding Bayesian belief updates. We simulate the game to find the best response strategies with which regular and malicious organizations can play to increase their payoffs. Based on the best response strategies of organizations, our analysis shows that achieving a higher anomaly detection rate while keeping the processing rate to a minimum is the best action strategy with which CYBEX can play to increase the gain of both CYBEX and regular organizations over malicious organizations. We also find the approximate average minimum processing rate and anomaly detection rate with which CYBEX can play in order to keep its own payoff and that of regular organizations higher than that of the malicious ones.
Published In
January 2020
1049 pages
Copyright © 2020.
Publisher
IEEE Press
Publication History
Published: 01 January 2020
Qualifiers
- Research-article