500 likes | 605 Views
Research Direction Introduction. Advisor: Yeong-Sung Lin Presented by I-Ju Shih. Agenda. Problem Description Problem Assumption Problem Formulation. Problem Description. Defender versus Attacker. Defender versus Attacker. Defender versus Attacker. Objective.
E N D
Research Direction Introduction Advisor: Yeong-Sung Lin Presented by I-Ju Shih
Agenda • Problem Description • Problem Assumption • Problem Formulation
Objective • The network survivability is measured by ADOD. • The game has two players: an attacker (he, A)and a defender(she, D). • Defender • Objective - minimize the damage of the network (ADOD). • Budget Constraint - deploying the defense budget in nodes repairing the compromised node releasing message in nodes • Attacker • Objective - maximize the damage of the network (ADOD). • Budget Constraint – deploying the attack budget in nodes updating information
Defender’s information • The defender had private information,including each node’s type and network topology. • There were two types (lower or higher valuation)of nodes and each node’s prior belief in the first round was common knowledge. The attack success probability of node i = The probability of node i belonged to type 1 * The attack success probability of node i belonged to type 1 + The probability of node i belonged to type 2 * The attack success probability of node i belonged to type 2
Defender’s action • In each round, the defender moves first, determines strategy and chooses message which may be truth, deception or secrecy to each node.
Message releasing • Message releasing could be classified into two types. A node’s information could be divided into different parts to release message by the defender. The defender could release a node’s defensive state as a message to the attacker.
Message releasing- type 1 • The defender could choose a part of information from a node according to his strategy to release truthful message, deceptive message or secrecy.
Message releasing- type 2 • The defender released a node’s defensive state as a message, which was truth, deception or secrecy, to each node as a mixed strategy. ?
Message releasing • The defender chooses : 1. Truthful message if and only if message = actual information/defense. 2. Secrecy if and only if message is secret. 3. Deceptive message if and only if message ≠ actual information/defense. Cost: Deceptive message > Secrecy > Truthful message
The effect of deception/secrecy • The effect of deception or secrecy would be discounted if the attacker knew defender’s partial private information.
The effect of deception/secrecy • The effect of deception or secrecy would be zero if the attacker knew something that the defender did not know.
Immune benefit • Although the attacker knew something that the defender did not know, the defender could update information after observing the result of each round’s contest. • After the defender updated information, she had immune benefit which meant that the attacker was unable to use identical attack.
Defender’s resources • From the view of the defender, the budget could be reallocated or recycled but the discount factor was also considered. • The defender could accumulate resources to decrease attack success probability to defend network nodes in next time. Defender Reallocated Reallocated Defense resource on node i Recycled
Attacker’s information • The attacker knew only partial network topology. • The attacker could update information after observing the result of each round’s contest and defender’s messages.
Attacker’s resources • The attacker could accumulate experience to increase attack success probability to compromise network nodes in next time. • The attacker could increase resources when the attacker compromised network nodes, before the defender had not repaired the nodes yet.
Network topology • We considered a complex system with n nodes in series-parallel. • A node consisted of M componentswhich might be different component or the same. (M≥1)
Network topology • A node’s composition could be classified into two types. A node with backup component A k-out-of-m node
Network topology • The relationship between nodes could be classified into three types. Independence A node could function solely. Dependence When a node was destroyed, the nodes dependent on the destroyed node would not operate normally. Interdependence When a node was destroyed, the node interdependent on the destroyed node would not operate normallyand vice versa.
Problem assumption • 1.The problem involved both cyber attacker and network defender. The objective of attacker was to maximize the value of the Average DOD. On the other hand, the defender’s goal was to minimize the value of the Average DOD. • 2.Both the attacker and the defender were based on the importance of node to take actions.
Problem assumption • 3.Cyber attacker had incomplete information about:
Problem assumption • 4.The attacker had private information which included the attacker’s budget and the defender’s system vulnerabilities. • 5.The defender had private information which included each node’s type and the network topology. • 6. Both attacker and defender were limited by the total budget. • 7. Both attacker and defender might be rational or bounded rational.
Problem assumption • 8.Both attacker and defender knew that there were two types (lower or higher valuation) of nodes. • 9.Both attacker and defender knew each node’s prior belief in the first round. • 10.Both attacker and defender could update information by Bayes’ theorem after observing the result of each round’s contest. The attacker could also update his information by Bayes’ theorem after observing the defender’s messages.
Problem assumption • 11.There were no enforceable agreements between attacker and defender which meant that the attacker and the defender could not cooperate. • 12.In each round, the defender moves first, determines strategy and chooses message which may be truth, deception or secrecy to each node. • 13.The cost of releasing truthful message was lower than the costs of releasing secrecy and deception, respectively. Also, the cost of releasing secrecy was lower than the cost of releasing deception. And the cost of releasing message would not be accumulated or recycled.
Problem assumption • 14.The defender using deceptive messages could lower the attack success probability. • 15. The defender’s message releasing could be classified into two types: • 16.Only node attack was considered. (We did not consider the link attack) • 17.Only malicious attack was considered. (We did not consider the random errors)
Problem assumption • 18.Cyber attacker could accumulate experience to increase attack success probability to compromise network nodes in next time. • 19.Network defender could accumulate resources to decrease attack success probability to defend network nodes in next time. • 20.The attacker could increase budget when the attacker compromised network nodes, which meant that the compromised network nodes were controlled by the attacker. • 21.From the view of the defender, the budget could be reallocated or recycled but the discount factor was also considered.
Problem assumption • 22.From the view of the defender, the compromised nodes could be repaired. • 23.Only static network was considered. (We did not consider the growth of network) • 24.The defender used redundant components to design system to achieve high availability. • 25.The network survivability was measured by Average DOD value. • 26.Any two nodes of network could form to be an O-D pair. • 27.The attack success probability was calculated by contest success function, considering the resource allocation on each node of both parties.
Given • The total budget of network defender. • The total budget of cyber attacker. • Both the defender and the attacker have incomplete information about each other.
Objective • Minimize the maximum damage degree of network (ADOD).
Subject to • The total budget constraint of network defender. • The total budget constraint of cyber attacker.
To determine • The attacker • How to allocate attack budget to each node in each round. • The defender • How to allocate defense budget and determine which message would use to each node in each round. • Whether to repair the compromised node in each round. • Whether to reallocate or recycle nodes’ resource in each round.