
Research Direction Introduction

Research Direction Introduction. Advisor: Yeong-Sung Lin. Presented by I-Ju Shih. Agenda. Introduction Network Survivability Problem Description. Introduction. Game theory. Game theory is a way to analyze interaction among a group of rational agents who behave strategically.


Presentation Transcript


  1. Research Direction Introduction Advisor: Yeong-Sung Lin Presented by I-Ju Shih

  2. Agenda • Introduction • Network Survivability • Problem Description

  3. Introduction

  4. Game theory • Game theory is a way to analyze interaction among a group of rational agents who behave strategically. • Game theory has been successfully applied in areas such as competition, biology, economics, political science, computer science, military strategy, and more.

  5. Finitely repeated game • In recent years, game theory has been applied to many network security issues. • In the real world, attackers and defenders frequently interact repeatedly over time. • The interaction between attacker and defender could be viewed as an N-period game.

  6. Non-cooperative game • Games are classified into two major classes: cooperative games and non-cooperative games. • In the context of information security, a cyber attacker would not cooperate with the network defender.

  7. Incomplete information • In traditional non-cooperative games it is assumed that • 1. The players are rational. • 2. There are no enforceable agreements between players. • 3. The players know all the data of the game. • However, real-game situations may involve other types of uncertainty. • The players may lack complete information about other players or themselves.

  8. Sequential game • Most past literature has focused on sequential games in which the defender moves first, since the network defender will then be able to deter the cyber attacker or shift the attack to an unimportant target.

  9. High availability • Users want their systems, for example hospitals, airplanes or computers, to be ready to serve them at all times. • High availability (HA) is a system design approach and associated service implementation that ensures a prearranged level of operational performance will be met during a contractual measurement period.

  10. High availability • High availability (HA) clusters operate by harnessing redundant computers in groups or clusters that provide continued service when system components fail. • High availability (HA) clusters can sometimes be categorized into one of the following models: • Active/active • Active/passive • High availability (HA) cluster implementations attempt to build redundancy into a cluster to eliminate single points of failure.

  11. Network Survivability

  12. ADOD (Average Degree of Disconnectivity) • DOD (Degree of Disconnectivity) • Contest success function

  13. DOD • The DOD (Degree of Disconnectivity) metric could be used to measure the damage degree of network. • Definition

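  14. DOD • OD pairs = [Figure: network with nodes 1, 2, 3, 4]

  15. DOD • OD pairs = • DOD = 3/6 [Figure: network with nodes 1, 2, 3, 4]

  16. DOD • OD pairs = • DOD = 6/6 [Figure: network with nodes 1, 2, 3, 4]

  17. DOD • OD pairs = • DOD = 10/6 [Figure: network with nodes 1, 2, 3, 4]

  18. DOD • OD pairs = • DOD = 14/6 [Figure: network with nodes 1, 2, 3, 4]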

  19. DOD • The larger the DOD value, the greater the degree of damage to the network.

  20. Contest success function (CSF) • Skaperdas, S., 1996. Contest success functions. Economic Theory 7, 283–290. • Definition

  21. ADOD example

  22. ADOD (Average Degree of Disconnectivity) • The larger the Average DOD value, the greater the degree of damage to the network.

  23. Problem Description

  24. Defender versus Attacker

  25. Defender versus Attacker

  26. Defender versus Attacker

  27. Objective • The network survivability is measured by ADOD. • The game has two players: an attacker (he, A) and a defender (she, D). • Defender • Objective - minimize the damage of the network (ADOD). • Budget constraint - deploying the defense budget in nodes; repairing the compromised node; releasing message in nodes • Attacker • Objective - maximize the damage of the network (ADOD). • Budget constraint - deploying the attack budget in nodes; updating information

  28. Defender’s characteristics - Private information (Defender’s view) • The defender has private information, including each node’s valuation, each node’s type and network topology.

  29. Defender’s characteristics - Private information (Attacker’s view) • The defender has private information, including each node’s valuation, each node’s type and network topology.

  30. Defender’s characteristics • Effective resources: tm. • Resource reallocation, recycling and accumulation. • Each node’s type. • Bounded rationality. • High availability system.

  31. Attacker’s characteristics • Attacker’s private information: attacker’s budget and something defender did not know. • Effective resources: Tm. • Resource growth: the attacker could increase resources when the attacker compromised network nodes. • Resource accumulation. • Bounded rationality.

  32. Defender’s action • In each round, the defender moves first, determines her strategy and chooses, for each node, a message which may be truth, deception or secrecy.

  33. Message releasing • Message releasing can be classified into two types. • Type 1: a node’s information could be divided into different parts to release message by the defender. • Type 2: the defender could release a node’s defensive state as a message to the attacker.

  34. Message releasing - type 1 • The defender could choose a part of a node’s information and, according to her strategy, release it as a truthful message, release it as a deceptive message, or keep it secret.

  35. Message releasing - type 1 example • The defender chooses: 1. Truthful message if and only if message = actual information; 2. Secrecy if and only if message is secret; 3. Deceptive message if and only if message ≠ actual information. • Cost: Deceptive message > Secrecy > Truthful message • Defender (actual information): OS: Linux; FTP: Filezilla server; DB: MYSQL • Message: OS: Linux; FTP: Filezilla server; DB: MYSQL • Message: OS: Win 7; FTP: Filezilla server; DB: unknown

  36. Message releasing - type 1 scenario (Defender's view in each round) • The defender chose the part of information to release truth message • The defender chose the part of information to use deception • Keep the node’s part of information secret

  37. Message releasing - type 1 scenario (Defender's view in each round) • The defender chose the part of information to release truth message • The defender chose the part of information to use deception • Keep the node’s part of information secret

  38. Message releasing - type 2 • The defender released different messages, which are truth, deception or secrecy, on each node as a mixed strategy.

  39. Message releasing - type 2 scenario (Defender's view in each round) • The defender’s actual strategy: Defense resource on node i • Keep defender’s actual strategy secret • The defender’s message: Defense resource on node i

  40. Message releasing - type 2 scenario (Defender's view in each round) • The defender’s actual strategy: Defense resource on node i • Keep defender’s actual strategy secret • The defender’s message: Defense resource on node i

  41. Message releasing - type 2 scenario (Defender's view in each round) • The defender’s actual strategy: Defense resource on node i • Keep defender’s actual strategy secret • The defender’s message: Defense resource on node i

  42. Message releasing - type 2 scenario (Defender's view in each round) • The defender’s actual strategy: Defense resource on node i • Keep defender’s actual strategy secret • The defender’s message: Defense resource on node i

  43. Message releasing - type 2 scenario (Attacker's view in each round) • The defender’s actual strategy: Defense resource on node i • Keep defender’s actual strategy secret • The defender’s message: Defense resource on node i

  44. The effect of deception/secrecy • The effect of deception or secrecy would be discounted if the attacker knew defender’s partial private information.

  45. The effect of deception/secrecy • The effect of deception or secrecy would be zero if the attacker knew something that the defender did not know.

  46. Immune benefit • Although the attacker knows something that the defender did not know, the defender can update information after observing the result of each round’s contest. • After the defender updated information, she had immune benefit which means that the attacker was unable to use identical attack.

  47. Defender’s resources • From the view of the defender, the budget could be reallocated or recycled, but the discount factor is also considered. • The defender could accumulate resources to decrease the attack success probability when defending network nodes the next time.

  48. Defender’s resources example - type 2 scenario • Defender: Reallocated, Recycled, Reallocated • The defender’s actual strategy: Defense resource on node i • Keep defender’s actual strategy secret • The defender’s message: Defense resource on node i

  49. Attacker’s information • The attacker knows only partial network topology. • The attacker could update information after observing the result of each round’s contest and defender’s messages.

  50. Attacker’s resources • The attacker could accumulate experience to increase the attack success probability when compromising network nodes the next time. • The attacker could increase resources when the attacker compromised network nodes. • In the first round, the attacker put 3 units of attack budget to collect information of node i. • In the second round, the attacker put 6 units of attack budget to attack node i. • Total attack resource = 3 * discount rate + 6
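
An added example, not part of the original slides: it carries the discounted accumulation of slides 47 and 50 into a contest success function to show how accumulated budgets change the attack success probability on one node. Assumptions: the ratio form T^m / (T^m + t^m) stands in for the CSF definition that did not survive on this page, "Tm"/"tm" are read as those powers, compounding the discount over more than two rounds is a generalization of the slide's two-round case, and the discount rate and defender spends are constructed values.

```python
from typing import List


def accumulated(spend_per_round: List[float], discount: float) -> float:
    """Effective resource on a node after the last round.

    Earlier spend is discounted once per round elapsed; for two rounds this
    is slide 50's formula: first * discount + second.
    """
    total = 0.0
    for spend in spend_per_round:
        total = total * discount + spend
    return total


def attack_success(T: float, t: float, m: float = 1.0) -> float:
    """Assumed ratio-form CSF: attacker effort T against defender effort t."""
    if T < 0 or t < 0:
        raise ValueError("resources must be non-negative")
    if T == 0:
        return 0.0  # convention chosen here: no attack effort, no compromise
    return T ** m / (T ** m + t ** m)


def success_by_round(attack: List[float], defense: List[float],
                     discount: float, m: float = 1.0) -> List[float]:
    """Success probability if a contest were held at the end of each round."""
    if len(attack) != len(defense):
        raise ValueError("both players need one spend per round")
    return [
        attack_success(accumulated(attack[:k], discount),
                       accumulated(defense[:k], discount), m)
        for k in range(1, len(attack) + 1)
    ]


if __name__ == "__main__":
    # Slide 50's attacker: 3 units in round 1, 6 units in round 2.
    # Constructed values: discount rate 0.8, defender spends 4 units per round.
    print(accumulated([3, 6], 0.8))                 # 3 * 0.8 + 6
    print(success_by_round([3, 6], [4, 4], 0.8))
    # A larger contest intensity m favours whoever holds more resources.
    print(attack_success(6, 2, m=1), attack_success(6, 2, m=2))
```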
