2017 IEEE 37th International Conference on Distributed Computing Systems (ICDCS) (2017)
Atlanta, Georgia, USA
June 5, 2017 to June 8, 2017
Persistent and zero-day attacks have increased considerably in the recent past in terms of scale and impact. Security experts can no longer rely only on known defenses and thereby protect their resources permanently. It is increasingly common now to observe attackers being able to repeatedly break systems exploiting new vulnerabilities and defenders hardening systems with new measures. To model this phenomenon of the repeated takeover of the computing resources by system administrators and malicious attackers, a novel game framework, FlipIt, has been proposed by (Van Dijk et al. 2013) for a system consisting of a single resource. In this paper, we extend this and develop FlipNet, which is a repeated game framework for a networked system of multiple resources. This game involves two players-a defender and an attacker. Each player's objective is to maximize its gain (i.e., its control over the nodes in the network with stealthy moves), while minimizing the cost for making those moves. This leads to a novel and natural game formulation, with a very complex strategy space, that depends on the network structure. We show that finding the best response strategy for both the defender and attacker is NP-hard. In a key result in this study, we show that the attacker's gain for an instance of the game has a type of diminishing marginal return property, which leads to a near-optimal algorithm for maximizingthe attacker's gain. We examine the impact of network structure on the strategy space using simulations.
Computational modeling, Games, Electronic mail, Computer hacking, Companies, Encryption
S. Saha, A. Vullikanti and M. Halappanavar, "FlipNet: Modeling Covert and Persistent Attacks on Networked Resources," 2017 IEEE 37th International Conference on Distributed Computing Systems (ICDCS), Atlanta, Georgia, USA, 2017, pp. 2444-2451.