General Sum Markov Games for Strategic Detection of Advanced Persistent Threats Using Moving Target Defense in Cloud Networks

Sailik Sengupta, Ankur Chowdhary, Dijiang Huang, Subbarao Kambhampati

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

The processing and storage of critical data in large-scale cloud networks necessitate scalable security solutions. It has been shown that deploying all possible detection measures incurs a cost on performance by using up valuable computing and networking resources, thereby resulting in violations of the Service Level Agreements (SLAs) promised to the cloud-service users. Thus, there has been a recent interest in developing Moving Target Defense (MTD) mechanisms that help to optimize the joint objective of maximizing security while ensuring that the impact on performance is minimized. Often, these techniques model the challenge of multi-stage attacks by stealthy adversaries as a single-step attack detection game and use graph connectivity measures as a heuristic to measure performance, thereby (1) losing out on valuable information that is inherently present in multi-stage models designed for large cloud networks, and (2) coming up with strategies that have asymmetric impacts on performance, thereby heavily affecting the Quality of Service (QoS) for some cloud users. In this work, we use the attack graph of a cloud network to formulate a general-sum Markov Game and use the Common Vulnerability Scoring System (CVSS) to come up with meaningful utility values in each state of the game. We then show that, for the threat model in which an adversary has knowledge of a defender’s strategy, the use of Stackelberg equilibrium can provide an optimal strategy for placement of security resources. In cases where this assumption turns out to be too strong, we show that the Stackelberg equilibrium turns out to be a Nash equilibrium of the general-sum Markov Game. We compare the gains obtained using our method(s) to other baseline techniques used in cloud network security. Finally, we highlight how the method was used in a real-world small-scale cloud system.

Original language: English (US)
Title of host publication: Decision and Game Theory for Security - 10th International Conference, GameSec 2019, Proceedings
Editors: Tansu Alpcan, Yevgeniy Vorobeychik, John S. Baras, György Dán
Publisher: Springer
Pages: 492-512
Number of pages: 21
ISBN (Print): 9783030324292
DOI: https://doi.org/10.1007/978-3-030-32430-8_29
State: Published - Jan 1 2019
Event: 10th International Conference on Decision and Game Theory for Security, GameSec 2019 - Stockholm, Sweden
Duration: Oct 30 2019 → Nov 1 2019

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 11836 LNCS
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349

Conference

Conference: 10th International Conference on Decision and Game Theory for Security, GameSec 2019
Country: Sweden
City: Stockholm
Period: 10/30/19 → 11/1/19

Fingerprint

Moving Target
Game
Stackelberg Equilibrium
Network security
Attack
Quality of service
Multistage Model
Graph Connectivity
Service Level Agreement
Resources
Processing
Small World
Optimal Strategy
Costs
Scoring
Vulnerability
Networking
Nash Equilibrium
Performance Measures

ASJC Scopus subject areas

  • Theoretical Computer Science
  • Computer Science (all)

Cite this

Sengupta, S., Chowdhary, A., Huang, D., & Kambhampati, S. (2019). General Sum Markov Games for Strategic Detection of Advanced Persistent Threats Using Moving Target Defense in Cloud Networks. In T. Alpcan, Y. Vorobeychik, J. S. Baras, & G. Dán (Eds.), Decision and Game Theory for Security - 10th International Conference, GameSec 2019, Proceedings (pp. 492-512). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 11836 LNCS). Springer. https://doi.org/10.1007/978-3-030-32430-8_29

@inproceedings{90b17c4bf602466895fc38b7339c4ab5,
title = "General Sum Markov Games for Strategic Detection of Advanced Persistent Threats Using Moving Target Defense in Cloud Networks",
author = "Sailik Sengupta and Ankur Chowdhary and Dijiang Huang and Subbarao Kambhampati",
year = "2019",
month = "1",
day = "1",
doi = "10.1007/978-3-030-32430-8_29",
language = "English (US)",
isbn = "9783030324292",
series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",
publisher = "Springer",
pages = "492--512",
editor = "Tansu Alpcan and Yevgeniy Vorobeychik and Baras, {John S.} and Gy{\"o}rgy D{\'a}n",
booktitle = "Decision and Game Theory for Security - 10th International Conference, GameSec 2019, Proceedings",

}

TY - GEN

T1 - General Sum Markov Games for Strategic Detection of Advanced Persistent Threats Using Moving Target Defense in Cloud Networks

AU - Sengupta, Sailik

AU - Chowdhary, Ankur

AU - Huang, Dijiang

AU - Kambhampati, Subbarao

PY - 2019/1/1

Y1 - 2019/1/1

UR - http://www.scopus.com/inward/record.url?scp=85076421726&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85076421726&partnerID=8YFLogxK

U2 - 10.1007/978-3-030-32430-8_29

DO - 10.1007/978-3-030-32430-8_29

M3 - Conference contribution

AN - SCOPUS:85076421726

SN - 9783030324292

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 492

EP - 512

BT - Decision and Game Theory for Security - 10th International Conference, GameSec 2019, Proceedings

A2 - Alpcan, Tansu

A2 - Vorobeychik, Yevgeniy

A2 - Baras, John S.

A2 - Dán, György

PB - Springer

ER -