DOI: 10.1145/2663474.2663478
research-article

A Game Theoretic Approach to Strategy Determination for Dynamic Platform Defenses

Published: 03 November 2014

Abstract

Moving target defenses based on dynamic platforms have been proposed as a way to make systems more resistant to attacks by changing the properties of the deployed platforms. Unfortunately, little work has been done on discerning effective strategies for the utilization of these systems, instead relying on two generally false premises: simple randomization leads to diversity and platforms are independent. In this paper, we study the strategic considerations of deploying a dynamic platform system by specifying a relevant threat model and applying game theory and statistical analysis to discover optimal usage strategies. We show that preferential selection of platforms based on optimizing platform diversity approaches the statistically optimal solution and significantly outperforms simple randomization strategies. Counter to popular belief, this deterministic strategy leverages fewer platforms than may be generally available, which increases system security.

      Published In

      MTD '14: Proceedings of the First ACM Workshop on Moving Target Defense
      November 2014
      116 pages
      ISBN:9781450331500
      DOI:10.1145/2663474

      Publisher

      Association for Computing Machinery

      New York, NY, United States

      Author Tags

      1. game theory
      2. moving target
      3. system diversity

      Conference

      CCS'14

      Acceptance Rates

      MTD '14 Paper Acceptance Rate 9 of 16 submissions, 56%;
      Overall Acceptance Rate 40 of 92 submissions, 43%

      Cited By

      • (2024) SMWE: A Framework for Secure and Makespan-Oriented Workflow Execution in Serverless Computing. Electronics 13:16 (3246). DOI: 10.3390/electronics13163246. Online publication date: 15-Aug-2024
      • (2024) Game Theory Applied to Deception in Network Security. 2024 International Conference on Computing, Internet of Things and Microwave Systems (ICCIMS) (1-5). DOI: 10.1109/ICCIMS61672.2024.10690784. Online publication date: 29-Jul-2024
      • (2023) Information Protection in Complexes with Unmanned Aerial Vehicles Using Moving Target Technology. Inventions 8:1 (18). DOI: 10.3390/inventions8010018. Online publication date: 11-Jan-2023
      • (2023) A Reinforcement Learning Model to Adaptive Strategy Determination for Dynamic Defense. 2023 6th International Conference on Electronics Technology (ICET) (1182-1186). DOI: 10.1109/ICET58434.2023.10211957. Online publication date: 12-May-2023
      • (2023) Towards an Uncertainty-aware Decision Engine for Proactive Self-Protecting Software. 2023 IEEE International Conference on Autonomic Computing and Self-Organizing Systems Companion (ACSOS-C) (21-23). DOI: 10.1109/ACSOS-C58168.2023.00027. Online publication date: 25-Sep-2023
      • (2023) D3GF: A Study on Optimal Defense Performance Evaluation of Drone-Type Moving Target Defense Through Game Theory. IEEE Access 11 (59575-59598). DOI: 10.1109/ACCESS.2023.3278744. Online publication date: 2023
      • (2023) MultiRHM. Computers and Security 124:C. DOI: 10.1016/j.cose.2022.102958. Online publication date: 1-Jan-2023
      • (2023) A Preventative Moving Target Defense Solution for Web Servers Using Iptables. Proceedings of the International Conference on Cybersecurity, Situational Awareness and Social Media (191-205). DOI: 10.1007/978-981-19-6414-5_11. Online publication date: 8-Mar-2023
      • (2022) IoDM: A Study on a IoT-Based Organizational Deception Modeling with Adaptive General-Sum Game Competition. Electronics 11:10 (1623). DOI: 10.3390/electronics11101623. Online publication date: 19-May-2022
      • (2022) Job Completion Time Under Migration-Based Dynamic Platform Technique. IEEE Transactions on Services Computing 15:3 (1345-1357). DOI: 10.1109/TSC.2020.2989215. Online publication date: 1-May-2022
