Open AccessBook Chapter10.1007/978-3-642-30373-9_19

A Network Security Classification Game

- 16 Apr 2011

- pp 265-280

TL;DR: This work considers a network security classification game in which a strategic defender decides whether an attacker is a strategic spy or a naive spammer based on an observed sequence of attacks on file- or mail-servers, finding that when the defender commits to a fixed observation window, often the spy’s best response is either full-exploitation mode or full-confusion mode.

Abstract: We consider a network security classification game in which a strategic defender decides whether an attacker is a strategic spy or a naive spammer based on an observed sequence of attacks on file- or mail-servers. The spammer’s goal is attacking the mail-server, while the spy’s goal is attacking the file-server as much as possible before detection. The defender observes for a length of time that trades-off the potential damage inflicted during the observation period with the ability to reliably classify the attacker. Through empirical analyses, we find that when the defender commits to a fixed observation window, often the spy’s best response is either full-exploitation mode or full-confusion mode. This discontinuity prevents the existence of a pure Nash equilibrium in many cases. However, when the defender can condition the observation time based on the observed sequence, a Nash equilibrium often exists.

AI Agents for this Paper

Find similar papers on Google Scholar, PubMed and Arxiv
Write a critical review of this paper
Analyze citations of this paper to find unaddressed research gaps

Most frequently asked questions

1. What have the authors contributed in "A network security classification game" ?

The authors consider a network security classification game in which a strategic defender decides whether an attacker is a strategic spy or a naive spammer based on an observed sequence of attacks on fileor mail-servers.. The defender observes for a length of time that trades-off the potential damage inflicted during the observation period with the ability to reliably classify the attacker.

2. What have the authors stated for future works in "A network security classification game" ?

Their game provides a new perspective to study the classification problem in network security, capturing many subtle yet important interplays between defender and attackers.. The results to date are largely empirical, and the authors plan to explore a number of theoretical questions in future work.

Fig. 2. Numerical results for three scenarios of the commit to N game with parameters θ0 = 0.1, c0 = .01, c1 = 1 and δ = 0.99, while parameters p and F vary as indicated. No Nash equilibrium exists in (a) or (b), but in (c) is a (rare) case with an equilibrium.

Fig. 1. An illustration of the classification game.

Fig. 3. Numerical results for the dynamic N game in three scenarios, using the same parameters as in Fig. 2 (for the commit to N game) except for p and F in (c). A Nash equilibrium exists in (a) and (b), but in (c) is a (rare) case with no such equilibrium.

Fig. 4. Illustrations of (a) the error curve discussed in Appendix A.2 and (b) the optimal cost-to-go function discussed in Appendix A.3.

Citations

Proceedings Article•10.1109/ALLERTON.2015.7447027

A non-zero-sum, sequential detection game

Braden Soper, +1 more

- 01 Sep 2015

TL;DR: The existence of pure Nash equilibria are proved and sufficient conditions for the existence of StackelbergEquilibria with the defender as leader in the special case that the attacker does not discount future payoffs are given.

...read moreread less

Book Chapter•10.1007/978-3-642-37210-0_57

Risk-Based models of attacker behavior in cybersecurity

Si Li, +2 more

- 02 Apr 2013

TL;DR: A new framework for modeling cyber attackers based on the risk they are willing to incur and delineate them based on skill level is presented, which can facilitate decision-making and resource allocation to counteract cybersecurity incidents.

...read moreread less

•Proceedings Article

Optimal Strategies Against Generative Attacks

Roy Mor, +3 more

- 30 Apr 2020

TL;DR: This work formulate the scenario of such an authentication system facing generative impersonation attacks, characterize it from a theoretical perspective and explore its practical implications, and design practical learning approaches that result in models that are more robust to various attacks on real-world data.

...read moreread less

Proceedings Article•10.1109/ICASSP.2013.6638202

On optimal decisions in an introduction-based reputation protocol

Richard Al-Bayaty, +1 more

- 26 May 2013

TL;DR: This paper models the main decision process in an introduction-based reputation protocol, namely that of continuing/closing an active connection, as a sequential detection problem in which each stage corresponds to a transaction that is (perhaps erroneously) classified as either benign or harmful.

...read moreread less

Report•10.21236/ADA583626

Out-Learning Attackers: A Game Theoretic Approach to Cyber Defense

John Musacchio, +2 more

- 01 Apr 2013

TL;DR: A Markov Decision Process (MDP) model is constructed to demonstrate the value of not always expelling attackers found in a defender's information system and a model to extract qualitative insights into the interaction of a defender trying to classify an attacker and an attacker trying to evade classification is developed.

...read moreread less

References

•Book

Dynamic Programming and Optimal Control

Dimitri P. Bertsekas

- 01 May 1995

TL;DR: The leading and most up-to-date textbook on the far-ranging algorithmic methododogy of Dynamic Programming, which can be used for optimal control, Markovian decision problems, planning and sequential decision making under uncertainty, and discrete/combinatorial optimization.

...read moreread less

12.9K

•Journal Article•10.1016/S0004-3702(98)00023-X

Planning and Acting in Partially Observable Stochastic Domains

Leslie Pack Kaelbling, +2 more

- 01 May 1998

- Artificial Intelligence

TL;DR: A novel algorithm for solving pomdps off line and how, in some cases, a finite-memory controller can be extracted from the solution to a POMDP is outlined.

...read moreread less

4.9K

•Book

Statistical Inference

Rajagopalandhanavan

- 01 Jan 2012

Abstract: Some statistical studies record categorical variables that can be measured as counts or per cents. The population parameters of interest are the population proportions in the separate categories. We can analyse a single proportion or compare two proportions. The methods of analysis are similar to methods used for inference about means, discussed in Chapter 7. Both methods of inference are based on sampling distributions that are approximately normal.

...read moreread less

1.5K

•Book

Network Security: A Decision and Game-Theoretic Approach

Tansu Alpcan, +1 more

- 01 Oct 2010

TL;DR: Covering attack detection, malware response, algorithm and mechanism design, privacy, and risk management, this comprehensive work applies unique quantitative models derived from decision, control, and game theories to understanding diverse network security problems.

...read moreread less

549

•Journal Article•10.1007/S10207-004-0060-X

Game strategies in network security

Kong-Wei Lye, +1 more

- 01 Feb 2005

- International Journal of Information Sec...

TL;DR: In this paper, the interactions between an attacker and an administrator were modeled as a two-player stochastic game and a nonlinear program was used to compute Nash equilibria or best-response strategies for the players (attacker and administrator).

...read moreread less

433

A Network Security Classification Game

Chat with Paper

AI Agents for this Paper

Most frequently asked questions

1. What have the authors contributed in "A network security classification game" ?

2. What have the authors stated for future works in "A network security classification game" ?

Figures

Citations

A non-zero-sum, sequential detection game

Risk-Based models of attacker behavior in cybersecurity

Optimal Strategies Against Generative Attacks

On optimal decisions in an introduction-based reputation protocol

Out-Learning Attackers: A Game Theoretic Approach to Cyber Defense

References

Dynamic Programming and Optimal Control

Planning and Acting in Partially Observable Stochastic Domains

Statistical Inference

Network Security: A Decision and Game-Theoretic Approach

Game strategies in network security

Related Papers (5)

Security games with limited surveillance

SHARE: A Stackelberg Honey-Based Adversarial Reasoning Engine

Defending a single object in a defender-attacker game considering time

Using game theory to model DoS attack and defence

Deterrence of Cyber Attackers in a Three-Player Behavioral Game