Incentive-based modeling and inference of attacker intent, objectives, and strategies

Subscribe (Full Service)


	Search: The ACM Digital Library The Guide

	Feedback

Incentive-based modeling and inference of attacker intent, objectives, and strategies

Full text

Pdf (332 KB)

Source

Conference on Computer and Communications Security archive
Proceedings of the 10th ACM conference on Computer and communications security table of contents

Washington D.C., USA

SESSION: Information warfare table of contents

Pages: 179 - 189

Year of Publication: 2003

ISBN:1-58113-738-9

Authors

Peng Liu	Penn State University, University Park, PA
Wanyu Zang	Penn State University, University Park, PA

Sponsor

ACM: Association for Computing Machinery

Publisher

ACM New York, NY, USA

Bibliometrics

Downloads (6 Weeks): 17, Downloads (12 Months): 72, Citation Count: 2

Additional Information:

abstract references cited by index terms collaborative colleagues

Tools and Actions:	Request Permissions Review this Article Save this Article to a Binder Display Formats: BibTeX EndNote ACM Ref

DOI Bookmark:	Use this link to bookmark this Article: http://doi.acm.org/10.1145/948109.948135 What is a DOI?

ABSTRACT

Although the ability to model and infer Attacker Intent, Objectives and Strategies (AIOS) may dramatically advance the literature of risk assessment, harm prediction, and predictive or proactive cyber defense, existing AIOS inference techniques are ad hoc and system or application specific. In this paper, we present a general incentive-based method to model AIOS and a game theoretic approach to infer AIOS. On one hand, we found that the concept of incentives can unify a large variety of attacker intents; the concept of utilities can integrate incentives and costs in such a way that attacker objectives can be practically modeled. On the other hand, we developed a game theoretic AIOS formalization which can capture the inherent inter-dependency between AIOS and defender objectives and strategies in such a way that AIOS can be automatically inferred. Finally, we use a specific case study to show how AIOS can be inferred in real world attack-defense scenarios.

REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	The network simulator ns-2. http://www.isi.edu/nsnam/ns/.
	2	Hilary K. Browne , William A. Arbaugh , John McHugh , William L. Fithen, A Trend Analysis of Exploitations, Proceedings of the 2001 IEEE Symposium on Security and Privacy, p.214, May 14-16, 2001
	3	R. Browne. C4i defensive infrastructure for survivability against multi-mode attacks. In Proc. 21st Century Military Communications - Architectures and Technologies for Information Superiority, 2000.
	4	D. Buike. Towards a game theory model of information warfare. Technical report, Airforce Institute of Technology, 1999. Master's Thesis.
	5	E. H. Clarke. Multipart pricing of public goods. Public Choice, 11:17--33, 1971.
	6	V. Conitzer and T. Sandholm. Complexity results about nash equilibria. Technical report, Carnegie Mellon University, 2002. CMU-CS-02-135.
	7	Frédéric Cuppens , Alexandre Miège, Alert Correlation in a Cooperative Intrusion Detection Framework, Proceedings of the 2002 IEEE Symposium on Security and Privacy, p.202, May 12-15, 2002
	8	Hervé Debar , Andreas Wespi, Aggregation and Correlation of Intrusion-Detection Alerts, Proceedings of the 4th International Symposium on Recent Advances in Intrusion Detection, p.85-103, October 10-12, 2001
	9	Joan Feigenbaum , Christos Papadimitriou , Rahul Sami , Scott Shenker, A BGP-based mechanism for lowest-cost routing, Proceedings of the twenty-first annual symposium on Principles of distributed computing, July 21-24, 2002, Monterey, California [doi>10.1145/571825.571856]
	10	A. M. Fink. Equilibrium in a stochastic n-person game. Journal of Science in Hiroshima University, Series A-I, (28):89--93, 1964.
	11	Lawrence A. Gordon , Martin P. Loeb, Using information security as a response to competitor analysis systems, Communications of the ACM, v.44 n.9, p.70-75, Sept. 2001 [doi>10.1145/383694.383709]
	12	T. Groves. Incentives in teams. Econometrica, 41:617--663, 1973.
	13	J. P. Hespanha and S. Bohacek. Preliminary results in routing games. In Proc. 2001 American Control Conference, 2001.
	14	J. Nash. Equilibrium Points in n-Person Games Proceedings of the National Academy of Sciences, 36, 1950.
	15	J. Ioannidis and S. M. Bellovin. Implementing pushback: Router-based defense against ddos attacks. In Proc. 2002 Network and Distributed Systems Security, 2002.
	16	D. Koller and B. Milch. Multi-agent influence diagrams for representing and solving games. In Proc. 17th International Joint Conference on Artificial Intelligence, 2001.
	17	Carl E. Landwehr , Alan R. Bull , John P. McDermott , William S. Choi, A taxonomy of computer program security flaws, ACM Computing Surveys (CSUR), v.26 n.3, p.211-254, Sept. 1994 [doi>10.1145/185403.185412]
	18	Peng Liu , Sushil Jajodia , Catherine D. McCollum, Intrusion confinement by isolation in information systems, Journal of Computer Security, v.8 n.4, p.243-279, Dec. 2000
	19	Teresa F. Lunt, A survey of intrusion detection techniques, Computers and Security, v.12 n.4, p.405-418, June 1993 [doi>10.1016/0167-4048(93)90029-5]
	20	K. Lye and J. M. Wing. Game strategies in network security. In Proc. 15th IEEE Computer Security Foundations Workshop, 2002.
	21	Dahlia Malkhi , Michael K. Reiter, Secure Execution of Java Applets Using a Remote Playground, IEEE Transactions on Software Engineering, v.26 n.12, p.1197-1209, December 2000 [doi>10.1109/32.888632]
	22	A. Mas-Colell, M. D. Whinston, and J. R. Green. Microeconomic Theory. Oxford University Press, 1 edition, 1995.
	23	J. McHugh. Intrusion and intrusion detection. International Journal of Information Security, (1):14--35, 2001.
	24	M. Mesterton-Gibbons. An Introduction to Game-Theoretic Modeling. Addison-Wesley Publishing Company, 1992.
	25	B. Mukherjee, L. T. Heberlein, and K.N. Levitt. Network intrusion detection. IEEE Network, pages 26--41, June 1994.
	26	Peng Ning , Yun Cui , Douglas S. Reeves, Constructing attack scenarios through correlation of intrusion alerts, Proceedings of the 9th ACM conference on Computer and communications security, November 18-22, 2002, Washington, DC, USA [doi>10.1145/586110.586144]
	27	N. Nisan and A. Ronen. Algorithmic mechanism design. Games and Economic Behavior, 35, 2001.
	28	Paul F. Syverson, A Different Look at Secure Distributed Computation, Proceedings of the 10th Computer Security Foundations Workshop (CSFW '97), p.109, June 10-12, 1997
	29	F. Thusijsman. Optimality and Equilibria in Stochastic Games. Gentrum voor Wiskunde en Information, Amsterdam, 1992.
	30	W. Vickrey. Counterspeculation, auctions, and competitive sealed tenders. Journal of Finance, 16:8--37, 1961.
	31	XiaoFeng Wang , Michael K. Reiter, Defending Against Denial-of-Service Attacks with Puzzle Auctions, Proceedings of the 2003 IEEE Symposium on Security and Privacy, p.78, May 11-14, 2003
	32	M. P. Wellman and W. E. Walsh. Auction protocols for decentralized scheduling. Games and Economic Behavior, 35, 2001.
	33	Cliff Changchun Zou , Weibo Gong , Don Towsley, Code red worm propagation modeling and analysis, Proceedings of the 9th ACM conference on Computer and communications security, November 18-22, 2002, Washington, DC, USA [doi>10.1145/586110.586130]
	34	Jun Xu , Wooyong Lee, Sustaining Availability of Web Services under Distributed Denial of Service Attacks, IEEE Transactions on Computers, v.52 n.2, p.195-208, February 2003 [doi>10.1109/TC.2003.1176986]

CITED BY 2

	Yu Liu , Cristina Comaniciu , Hong Man, A Bayesian game approach for intrusion detection in wireless ad hoc networks, Proceeding from the 2006 workshop on Game theory for communications and networks, October 14-14, 2006, Pisa, Italy
	Gabriele Gianini , Ernesto Damiani, Cloaking games in location based services, Proceedings of the 2008 ACM workshop on Secure web services, October 31-31, 2008, Alexandria, Virginia, USA