Honeypot game-theoretical model for defending against APT attacks with limited resources in cyber-physical systems

  • Tian, Wen (School of Automation, Nanjing University of Science and Technology)
  • Ji, Xiao-Peng (School of Automation, Nanjing University of Science and Technology)
  • Liu, Weiwei (School of Automation, Nanjing University of Science and Technology)
  • Zhai, Jiangtao (School of Electrics and Information Engineering, Jiangsu University of Science and Technology)
  • Liu, Guangjie (School of Automation, Nanjing University of Science and Technology)
  • Dai, Yuewei (School of Electrics and Information Engineering, Jiangsu University of Science and Technology)
  • Huang, Shuhua (School of Automation, Nanjing University of Science and Technology)
  • Received : 2019.04.01
  • Accepted : 2019.07.29
  • Published : 2019.10.01

Abstract

A cyber-physical system (CPS) is a new mechanism controlled or monitored by computer algorithms that intertwine physical and software components. Advanced persistent threats (APTs) represent stealthy, powerful, and well-funded attacks against CPSs; they integrate physical processes and have recently become an active research area. Existing offensive and defensive processes for APTs in CPSs are usually modeled by incomplete information game theory. However, honeypots, which are effective security vulnerability defense mechanisms, have not been widely adopted or modeled for defense against APT attacks in CPSs. In this study, a honeypot game-theoretical model considering both low- and high-interaction modes is used to investigate the offensive and defensive interactions, so that defensive strategies against APTs can be optimized. In this model, human analysis and honeypot allocation costs are introduced as limited resources. We prove the existence of Bayesian Nash equilibrium strategies and obtain the optimal defensive strategy under limited resources. Finally, numerical simulations demonstrate that the proposed method is effective in obtaining the optimal defensive effect.

Cited by

  1. Game Theoretic Honeypot Deployment in Smart Grid vol.20, pp.15, 2020, https://doi.org/10.3390/s20154199
  2. A game‐theoretic approach for ensuring trustworthiness in cyber‐physical systems with applications to multiloop UAV control vol.32, pp.5, 2021, https://doi.org/10.1002/ett.4042