Cyber-Attack Forecast Modeling and Complexity Reduction Using a Game-Theoretic Framework

Malachi Jones*, Georgios Kotsalis, Jeff S. Shamma

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

5 Scopus citations

Abstract

The security community has placed a significant emphasis on developing tools and techniques to address known security issues. Some examples of this emphasis include security tools such as anti-virus software and Intrusion Detection Systems (IDS). This reactive approach to security is effective against novice adversaries (i.e. script kiddies) because they typically use off-the-shelf tools and popular techniques to conduct their attacks. In contrast, the innovative adversaries often devise novel attack vectors and methodologies that can render reactive measures inadequate. These pioneering adversaries have continually pushed the security frontier forward and motivate a need for proactive security approaches. A proactive approach that we pursue in this research is actionable cyber-attack forecasting. The objectives of actionable cyber-attack forecasting are to learn an attacker's behavioral model, to predict future attacks, and to select appropriate countermeasures. The computational complexity of analyzing attacker models has been an impediment to the realization of reliable cyber-attack forecasting. We address this complexity issue by developing adversary models and corresponding complexity reduction techniques. We then introduce a heuristic for learning behavioral models of potentially deceptive adversaries online. Last, we consider a capture-the-flag problem, formulate the problem as a cybersecurity game with asymmetric information, and demonstrate how the models and techniques developed in this paper can be used to forecast a cyber-attack and recommend appropriate countermeasures.

Original languageEnglish (US)
Title of host publicationControl of Cyber-Physical Systems - Workshop Held at The Johns Hopkins University
PublisherSpringer Verlag
Pages65-84
Number of pages20
ISBN (Print)9783319011585
DOIs
StatePublished - Jan 1 2013
EventWorkshop on Control of Cyber-Physical Systems, CPS 2013 - Baltimore, MD, United States
Duration: Mar 20 2013Mar 21 2013

Publication series

NameLecture Notes in Control and Information Sciences
Volume449 LNCIS
ISSN (Print)0170-8643

Other

OtherWorkshop on Control of Cyber-Physical Systems, CPS 2013
CountryUnited States
CityBaltimore, MD
Period03/20/1303/21/13

Keywords

  • asymmetric information games
  • belief compression
  • cyber-attack forecasting
  • game theory

ASJC Scopus subject areas

  • Library and Information Sciences

Fingerprint Dive into the research topics of 'Cyber-Attack Forecast Modeling and Complexity Reduction Using a Game-Theoretic Framework'. Together they form a unique fingerprint.

Cite this