A Game Theoretic Approach for Active Defense - PowerPoint PPT Presentation

1 / 27
About This Presentation
Title:

A Game Theoretic Approach for Active Defense

Description:

since the FDS wants to outguess the bad guy and vice versa ... If the good guy takes Nash strategies, the false alarm rate is 0 ... – PowerPoint PPT presentation

Number of Views:40
Avg rating:3.0/5.0
Slides: 28
Provided by: pliu5
Category:

less

Transcript and Presenter's Notes

Title: A Game Theoretic Approach for Active Defense


1
A Game Theoretic Approach for Active Defense
  • Peng Liu
  • Lab. for Info. and Sys. Security
  • University of Maryland, Baltimore County
  • Baltimore, MD 21250
  • OASIS, March 2002

2
Evolution of Defensive Computing Systems
Survivability
- assessment - repair - isolation
-containment - replication
- segmentation -
masking - migration
- quorums - voting -
reconfiguration - ...
Intrusion Detection
Prevention
- authentication, access control, inference
control, information flows, encryption, keys,
signatures, ...
- host-based, network-based, misuse detection,
anomaly detection, ...
However, many existing defensive computing
systems are passive!.
3
Many IDS are passive
  • Static intrusion detection -- fixed IDS
    configuration
  • Adaptive intrusion detection -- reactive but not
    active
  • adapting IDS configuration to the changing
    environment
  • most successful when new attacks follow the same
    trend

Passive -- the defense lags behind the offense.
4
Many existing intrusion tolerant systems are
passive
Environment
Tuner
attacks
An intrusion tolerant system
good accesses
  • Reactive adaptations work well when the
    environment gradually changes following the same
    trend
  • When the environment suddenly changes, the
    adaptation latency can be significant, during
    which the system is not stable and can perform
    very poorly

5
ITDB is passive
Authorized but malicious transactions
Tuner
alarms
Mediator Damage Container
Intrusion Detector
trails
suspicious transactions
malicious transactions
merge
isolation
database
assess
repair
alarms
discard
Repair manager
trails
6
Active Defense Systems
Environment
An attacking system
Tuner
battle
An intrusion tolerant system
good accesses
7
A game theoretic approach for activedefense
Game
Player 1
Player 2
Attack strategy
Defense strategy
An intrusion tolerant system
An attacking system
strategy space
strategy space
Payoff-2 (D, A)
Payoff-1 (D, A)
time
  • The game should have multiple phases
  • The simplest case should be repeated games

8
A simple game
Prisoner 2
high risk
Deny
Confess
Deny
-1, -1
-9, 0
Nash equilibrium
Prisoner 1
Confess
-6, -6
0, -9
  • Rational players maximum payoffs with minimum
    risks
  • Rational prediction -- Nash equilibrium --
    (confess, confess)
  • player 1s predicted strategy is player 1s best
    response to the predicted strategy of player 2,
    and vice versa
  • no single player wants to deviate from his or
    her predicted strategy

9
A motivating example
Fraud Detection
Acquiring Bank
Merchant
  • credit card transactions
  • fraud detection
  • a profile for each card (customer)
  • distance (transaction, profile) indicates the
    anomaly
  • raising several levels of alarms based on the
    distance using a set of thresholds
  • challenge -- how to
  • minimize the fraud loss
  • minimize the denial-of-service

Account information
Issuing Bank
10
Anomaly Detection System Specification
11
A game for active fraud defense (1)
Probability
Types
Payoff
Good guy
believes
1-?
ugood
Fraud Detection System
?
Customer
ubad
Bad guy
uads (1- ?)uads,good ? uads, bad
Bayesian 2-player active defense game
12
A game for active fraud defense (2)
  • Assumption the profile of each customer is
    simply specified by the transaction amount

13
Attack Prediction Game
14
A naïve approach
  • Assumption the attacker knows Pi
  • The Nash Equilibrium is
  • when b0
  • the FDSs stategy is TH0
  • the good guys strategy is amountPi
  • the bad guys strategy is amount Pi
  • when bgt0
  • there is no (pure strategy) Nash equilibrium
  • since the FDS wants to outguess the bad guy and
    vice versa

However, Pi is usually not completely known to
the bad guy!
15
A probabilistic approach
  • Assumption the attacker only knows a
    distribution of Pi, e.g., a normal distribution
  • The Nash Equilibrium (TH, Ag, Ab) must
    satisfy

here
CL
Ab
Pi
However, when b is very small
2TH
0
16
Adding more uncertainty
  • Motivation in many cases, the FDS is uncertain
    about the attackers strategy
  • Assumption the attackers strategy is randomly
    distributed over an attack window X, XB where
    B is fixed
  • The results are

CL
Pi
X
XB
0
Question which X is best for the bad guy?
17
Preliminary results (1)
18
Preliminary results (2)
19
Preliminary results (3)
20
Preliminary results (4)
21
The impact on false alarm rate and detection rate
  • The false alarm rate is dependent on the
    behavior of the good guy
  • If the good guy takes Nash strategies, the false
    alarm rate is 0
  • The detection rate can be predicted using the
    Nash Equilibrium
  • Since in many practical defense systems there is
    incomplete information to compute the Nash
    Equilibrium, the false alarm rate is usually not
    zero, and the detection rate can only be
    approximately predicted

22
Suggestions to card holders
  • Have multiple cards
  • Each card has converged usage

23
Broader Attack Prediction Applications
Attack Space
Valuable games
New attacks
Not valuable games
New types of attacks
Known types of attacks
24
Example 1 new attacks
  • There is a game for each new attack, however,
  • the attacker knows a lot about it but the
    defender knows very little
  • the attacker knows a lot about the Nash
    equilibrium, but the defender does not know
  • the attacker will not inform the defender what
    he or she knows
  • As a result, the attacker can exploit the nature
    of asymmetric information sharing to win more!
  • The defender can start to play the game only
    after the new attack happens

25
Example 2 code red
Web server
Attacker
Patch
None
0, -1
10, -10
Code Red
Low probability of being captured
None
0, 0
0, -1
Patch
None
High probability of being captured
-5, -1
5, -10
Code Red
None
0, 0
0, -1
Nash equilibrium
26
Potential impact
  • Nash equilibrium are rational predictions for
    attacks
  • Nash equilibrium can guide better defensive
    system design

27
Questions?
Thank you!
Write a Comment
User Comments (0)
About PowerShow.com