Approximate Solutions for Attack Graph Games with Imperfect Information

  • Conference paper
Decision and Game Theory for Security (GameSec 2015)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 9406)

Abstract

We study the problem of network security hardening, in which a network administrator decides what security measures to use to best improve the security of the network. Specifically, we focus on deploying decoy services or hosts called honeypots. We model the problem as a general-sum extensive-form game with imperfect information and seek a solution in the form of a Stackelberg Equilibrium. The defender seeks the optimal randomized honeypot deployment in a specific computer network, while the attacker chooses the best response as a contingency attack policy from a library of possible attacks compactly represented by attack graphs. Computing an exact Stackelberg Equilibrium using standard mixed-integer linear programming has limited scalability in this game. We propose a set of approximate solution methods and analyze the trade-off between the computation time and the quality of the strategies calculated.

Notes

  1. http://www.nessus.org

  2. http://www.openvas.org

Acknowledgments

This research was supported by the Office of Naval Research Global (grant no. N62909-13-1-N256), the Danish National Research Foundation and the National Science Foundation of China (under the grant 61361136003) for the Sino-Danish Center for the Theory of Interactive Computation. Viliam Lisý is a member of the Czech Chapter of The Honeynet Project.

Author information

Corresponding author

Correspondence to Karel Durkota.

Copyright information

© 2015 Springer International Publishing Switzerland

About this paper

Cite this paper

Durkota, K., Lisý, V., Bošanský, B., Kiekintveld, C. (2015). Approximate Solutions for Attack Graph Games with Imperfect Information. In: Khouzani, M., Panaousis, E., Theodorakopoulos, G. (eds) Decision and Game Theory for Security. GameSec 2015. Lecture Notes in Computer Science, vol 9406. Springer, Cham. https://doi.org/10.1007/978-3-319-25594-1_13

  • DOI: https://doi.org/10.1007/978-3-319-25594-1_13

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-25593-4

  • Online ISBN: 978-3-319-25594-1

  • eBook Packages: Computer Science, Computer Science (R0)
