1 / 18

Game Strategies in Network Security

Learn about game strategies in network security, including attacker and administrator actions, state transitions, Nash equilibria, and future work. Discover how to defend against network attacks.

tylerbell
Download Presentation

Game Strategies in Network Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Game Strategiesin Network Security Kong-wei Lye and Jeannette M. Wing Carnegie Mellon University Pittsburgh, Pennsylvania, U.S.A.

  2. Network Example Firewall Attacker Border router Internet Public web server Private file server Private workstation Game Strategies in Network Security

  3. Motivation • Players in the network attack-defense game • Attacker • Administrator • Results of their actions: • costs and rewards • state transitions in network Model of their interactions: stochastic game. Game Strategies in Network Security

  4. lEW W lWF lNW E F N lFN Model Node states: nW , nF , nN nX = < P, a, d > P { f, h, n, p, s ,v } a { u, c } d { c, i } Traffic state: t = < lEW , lWF , lFN , lNW > lXY { 0, , , 1 } Network state: < nW , nF , nN , t > Game Strategies in Network Security

  5. Stochastic Games Current state: x Player 1 takes action a Player 2 takes action b Prob(x|x,a,b) Prob(y|x,a,b) x y Player 1 gets reward R1(x,a,b) Player 2 gets reward R2(x,a,b) Game Strategies in Network Security

  6. Strategies Strategy: probability distribution over action set for each state s. Playerkshould take actioniat stateswith probability(s,i) Game Strategies in Network Security

  7. Expected Returns Expected discounted return for player k at state s when player 1 uses 1 and player 2 uses 2: Value vector: Game Strategies in Network Security

  8. Nash Equilibrium is a Nash equilibrium strategy pair if is player 1’s best response to player 2’s and vice versa. Game Strategies in Network Security

  9. Nash Equilibria • Zero-sum game: 1 unique Nash equilibrium • General-sum game:  1 Nash equilibria • Discounted general-sum stochastic games: most applicable class of games. • Nonlinear program (NLP-1) [FV96]: used to compute Nash equilibria [FV96] Jerzy Filar & Koos Vrieze. Competitive Markov Decision Processes. Springer-Verlag, New York, 1996. Game Strategies in Network Security

  10. State transitions Normal_operation <<(f,h),u,i>,<(f,n),u,i>,<(p),u,i>, <1/3,1/3,1/3,1/3>> Attack_httpd, 1.0, 10 Continue_ attacking, 0.5, 0 Httpd_attacked < <(f,h),u,i>, <(f,n),u,i>, <(p),u,i>, <2/3, 1/3, 1/3, 1/3> > Continue_attacking, 0.5, 0 Httpd_hacked < <(f),c,i>, <(f,n),u,i>, <(p),u,i>, <1/3, 1/3, 1/3, 1/3> > Game Strategies in Network Security

  11. Attack Graph Attack Scenario Normal_operation Normal_operation Attack_ftpd Attack_ftpd Attack_httpd Continue_ attacking Continue_ attacking Httpd_attacked Ftpd_attacked Ftpd_attacked Continue_attacking Continue_attacking Continue_attacking Httpd_hacked Install_sniffer Ftpd_hacked Ftpd_hacked Deface_website_ leave Install_sniffer Install_sniffer Install_sniffer Install_sniffer  Website_defaced Webserver_sniffer Webserver_sniffer Webserver_sniffer_detector Run_DOS_virus Crack_workstation_root_ password Crack_workstation_root_ password Crack_file_server_root_password Webserver_DOS_1  Workstation_hacked Workstation_hacked Fileserver_hacked Capture_data Capture_data Webserver_DOS_2 Capture_data Workstation_data_stolen_1 Workstation_data_stolen_1 Fileserver_data_stolen_1  Shutdown_network Shutdown_network Shutdown_network Network_shut_down Network_shut_down Game Strategies in Network Security

  12. Running NLP-1 • Model: 18 states, 3 actions per state • Matlab by The MathWorks • Pentium III 600Mhz 128Mb • 30 to 45 minutes per run • Multiple Nash equilibria, depending on initialization conditions Game Strategies in Network Security

  13. Results Nash Equilibrium for example Game Strategies in Network Security

  14. Nash Equilibrium Excerpts State:Httpd_hacked State:Webserver_sniffer State:Webserver_DOS_1 Game Strategies in Network Security

  15. Nash Equilibrium Excerpts States:Fileserver_hacked, Workstation_hacked State:Webserver_sniffer Game Strategies in Network Security

  16. Summary • Related work employs zero-sum or static games • [Bel01], [Bro00], [Bur99], [HB01], [MSAH01], [Syv97]. • Modeled the network security problem as general-sum stochastic game • Found multiple Nash equilibria (best attack and defense strategies) for network example • Knowledge of strategies useful for administrator Game Strategies in Network Security

  17. Future Work • Scalability • Decompose large models into smaller components • Use automatic attack graph generation method by [SJW02]. [SJW02] O. Sheyner, S. Jha, J. Wing. Automated generation and analysis of attack graphs. In Proceedings of the IEEE Symposium on Security and Privacy, Oakland, California, 2002. Game Strategies in Network Security

  18. 1,1 3,0 0,3 2,2 Game Theory The Prisoner’s Dilemma Prisoner 2 cooperate defect cooperate Prisoner 1 defect Game Strategies in Network Security

More Related