
Adversarial and Uncertain Reasoning for Adaptive Cyber Defense: Control- and Game-Theoretic Approaches to Cyber Security PDF

270 Pages·2019·15.72 MB·English


Sushil Jajodia · George Cybenko · Peng Liu · Cliff Wang · Michael Wellman (Eds.)

Adversarial and Uncertain Reasoning for Adaptive Cyber Defense
Control- and Game-Theoretic Approaches to Cyber Security

State-of-the-Art Survey
Lecture Notes in Computer Science 11830

Founding Editors
Gerhard Goos, Karlsruhe Institute of Technology, Karlsruhe, Germany
Juris Hartmanis, Cornell University, Ithaca, NY, USA

Editorial Board Members
Elisa Bertino, Purdue University, West Lafayette, IN, USA
Wen Gao, Peking University, Beijing, China
Bernhard Steffen, TU Dortmund University, Dortmund, Germany
Gerhard Woeginger, RWTH Aachen, Aachen, Germany
Moti Yung, Columbia University, New York, NY, USA

More information about this series at http://www.springer.com/series/7410

Editors
Sushil Jajodia, George Mason University, Fairfax, VA, USA
George Cybenko, Dartmouth College, Hanover, NH, USA
Peng Liu, Pennsylvania State University, University Park, PA, USA
Cliff Wang, Army Research Laboratory, Triangle Park, NC, USA
Michael Wellman, University of Michigan, Ann Arbor, MI, USA

ISSN 0302-9743, ISSN 1611-3349 (electronic)
Lecture Notes in Computer Science
ISBN 978-3-030-30718-9, ISBN 978-3-030-30719-6 (eBook)
https://doi.org/10.1007/978-3-030-30719-6
LNCS Sublibrary: SL4 – Security and Cryptology

© Springer Nature Switzerland AG 2019

This work is subject to copyright. All rights are reserved by the Publisher, whether the whole or part of the material is concerned, specifically the rights of translation, reprinting, reuse of illustrations, recitation, broadcasting, reproduction on microfilms or in any other physical way, and transmission or information storage and retrieval, electronic adaptation, computer software, or by similar or dissimilar methodology now known or hereafter developed.
The use of general descriptive names, registered names, trademarks, service marks, etc. in this publication does not imply, even in the absence of a specific statement, that such names are exempt from the relevant protective laws and regulations and therefore free for general use.

The publisher, the authors and the editors are safe to assume that the advice and information in this book are believed to be true and accurate at the date of publication. Neither the publisher nor the authors or the editors give a warranty, expressed or implied, with respect to the material contained herein or for any errors or omissions that may have been made. The publisher remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Cover illustration: Figure 5 from ‘Adaptive Cyber Defenses for Botnet Detection and Mitigation’, p. 170

This Springer imprint is published by the registered company Springer Nature Switzerland AG
The registered company address is: Gewerbestrasse 11, 6330 Cham, Switzerland

Preface

Today’s cyber defenses are largely static. They are governed by slow deliberative processes involving testing, security patch deployment, and human-in-the-loop monitoring. As a result, adversaries can systematically probe target networks, pre-plan their attacks, and ultimately persist for long times inside compromised networks and hosts.

In response to this situation, researchers in recent years have started to investigate various methods that make networked information systems less homogeneous and less predictable. The basic idea of Adaptation Techniques (AT) is to engineer systems that have homogeneous functionalities but randomized manifestations. Homogeneous functionality allows authorized use of networks and services in predictable, standardized ways while randomized manifestations make it difficult for attackers to engineer exploits remotely. Examples of AT include concepts such as Moving Target Defenses (MTD) as well as artificial diversity and bio-inspired defenses in order to assess the extent to which they involve system adaption for security and resiliency purposes.
Unfortunately, the majority of AT research has been focused on developing specific new techniques as opposed to understanding their overall operational costs, when they are most useful, and what their possible inter-relationships might be. Moreover, the AT approaches assume stationary and stochastic, but non-adversarial, environments. Situations with intelligent peer adversaries operating in and changing a networked environment produce dynamic behaviors that violate these assumptions, potentially defeating these adaptations.

This volume aims to synthesize the recent advances made by a large team of researchers working on the same U.S. Department of Defense Multidisciplinary University Research Initiative (MURI) project during 2013–2019.¹ This project has developed a new class of technologies called Adaptive Cyber Defense (ACD) by building on two active but heretofore separate research areas: Adaptation Techniques and Adversarial Reasoning.

Our research has yielded a rich repertoire of AT methods for introducing diversity and uncertainty into networks, applications, and hosts.² Moreover, we have investigated the criteria for deciding where, when, and how to best employ available AT options. Such management decisions are complex due to the performance and security tradeoffs inherent in AT approaches. To address such challenges, this project has harnessed a broad array of Adversarial Reasoning (AR) techniques to identify effective and stable strategies for deploying AT options in operational systems.

¹ George Cybenko, Sushil Jajodia, Michael P. Wellman, Peng Liu, “Adversarial and uncertain reasoning for adaptive cyber defense: Building the cyber foundation (invited paper),” Proc. 10th Int’l. Conf. on Information Systems Security (ICISS), Springer Lecture Notes in Computer Science, Vol. 8880, Atul Prakash, Rudrapatna Shyamsundar, eds., Hyderabad, India, December 2014, pages 1–8.

² See Chapter 1 for a brief summary of advances documented in this book along with the pointers to the relevant literature.
AR combines machine learning, behavioral science, operations research, control theory, and game theory to address the goal of computing effective strategies in dynamic, adversarial environments. These techniques force adversaries to continually re-assess, re-engineer, and re-launch their cyberattacks. By integrating game-theoretic and control-theoretic analyses for tradeoff analysis, ACD presents adversaries with optimized and dynamically changing attack surfaces and system configurations, thereby significantly increasing the attacker’s workloads and decreasing their probabilities of success.

This coherent and focused research effort has yielded: (a) scientific and engineering principles that enable effective ACD, and (b) prototypes and demonstrations of technologies embodying these principles in several real-world scenarios.

We are extremely grateful to the numerous participants for their contributions to the MURI project. In particular, it is a pleasure to acknowledge the authors for their contributions. Special thanks go to the US Army Research Office (ARO) and Alfred Hofmann, Vice-President of Publishing at Springer for their support of this volume summarizing the project. We also wish to thank the Army Research Office for their financial support under the MURI grant W911NF-13-1-0421.

August 2019
Sushil Jajodia
George Cybenko
Peng Liu
Cliff Wang
Michael Wellman

Contents

Overview of Control and Game Theory in Adaptive Cyber Defenses
    George Cybenko, Michael Wellman, Peng Liu, and Minghui Zhu

Control-Theoretic Approaches to Cyber-Security
    Erik Miehling, Mohammad Rasouli, and Demosthenis Teneketzis

Game Theoretic Approaches to Cyber Security: Challenges, Results, and Open Problems
    Hamidreza Tavafoghi, Yi Ouyang, Demosthenis Teneketzis, and Michael P. Wellman

Reinforcement Learning for Adaptive Cyber Defense Against Zero-Day Attacks
    Zhisheng Hu, Ping Chen, Minghui Zhu, and Peng Liu

Moving Target Defense Quantification
    Massimiliano Albanese, Warren Connell, Sridhar Venkatesan, and George Cybenko

Empirical Game-Theoretic Methods for Adaptive Cyber-Defense
    Michael P. Wellman, Thanh H. Nguyen, and Mason Wright

MTD Techniques for Memory Protection Against Zero-Day Attacks
    Ping Chen, Zhisheng Hu, Jun Xu, Minghui Zhu, Rob Erbacher, Sushil Jajodia, and Peng Liu

Adaptive Cyber Defenses for Botnet Detection and Mitigation
    Massimiliano Albanese, Sushil Jajodia, Sridhar Venkatesan, George Cybenko, and Thanh Nguyen

Optimizing Alert Data Management Processes at a Cyber Security Operations Center
    Rajesh Ganesan, Ankit Shah, Sushil Jajodia, and Hasan Cam

Online and Scalable Adaptive Cyber Defense
    Benjamin W. Priest, George Cybenko, Satinder Singh, Massimiliano Albanese, and Peng Liu

Author Index

Overview of Control and Game Theory in Adaptive Cyber Defenses

George Cybenko¹, Michael Wellman², Peng Liu³, and Minghui Zhu³

¹ Dartmouth, Hanover, USA, [email protected]
² University of Michigan, Michigan, USA
³ Pennsylvania State University, University Park, USA

Abstract. The purpose of this chapter is to introduce cyber security researchers to key concepts in modern control and game theory that are relevant to Moving Target Defenses and Adaptive Cyber Defense. We begin by observing that there are fundamental differences between control models and game models that are important for security practitioners to understand.
Those differences will be illustrated through simple but realistic cyber operations scenarios, especially with respect to the types and amounts of data required for modeling. In addition to modeling differences, there are a variety of ways to think about what constitutes a “solution.” Moreover, there are significant differences in the computational and information requirements to compute solutions for various types of Adaptive Cyber Defense problems. This material is presented in the context of the advances documented in this book, the various chapters of which describe advances made in the 2012 ARO ACD MURI.

Keywords: Control Theory · Game Theory · Adaptive Cyber Defense · Moving Target Defense · Autonomous Cyber Operations

1 Moving Target Defenses (MTD)

The computer systems, software applications, and network technologies that we use today were developed in user and operator contexts that greatly valued standardization, predictability, and availability. Even today, performance and cost-effectiveness remain dominant market drivers. It is only relatively recently that security and resilience (not to be confused with fault tolerance) have become equally desirable properties of cyber systems. As a result, the first generation of cyber security technologies were largely based on system hardening through improved software security engineering [7,21] (to reduce vulnerabilities and attack surfaces) and layering security through defense-in-depth [28,31] (by adding encryption, access controls, firewalls, intrusion detection systems, and malware scanners, for example). These security technologies sought to respect the homogeneity, standardization, and predictability that have been so valued by the market but at the same time increasing security.

© Springer Nature Switzerland AG 2019. S. Jajodia et al. (Eds.): Adaptive Cyber Defense, LNCS 11830, pp. 1–11, 2019. https://doi.org/10.1007/978-3-030-30719-6_1

Consequently, most of our cyber defenses remain static today.
They are governed by slow and deliberative processes such as software testing [40], episodic penetration testing [39], security patch deployment [32], and human-in-the-loop monitoring and analysis of security events [12,24,36].

Adversaries benefit greatly from this situation because they can continuously and systematically probe targeted systems with the confidence that those systems will change slowly if at all. Adversaries can afford the time to engineer reliable exploits and pre-plan their attacks because their targets are essentially fixed and almost identical. Moreover, once an attack succeeds, adversaries persist for long times inside compromised networks and hosts because the hosts, networks, and services – largely designed for availability and homogeneity – do not reconfigure, adapt or regenerate except in deterministic ways to support maintenance and uptime requirements. This creates serious information and opportunity asymmetry between IT system defenders and potential attackers [6].

In response to this situation, researchers in recent years have started to investigate a variety of technologies that can make networked information systems less homogeneous and less predictable. Among the terms and concepts used to describe such cyber defense technologies are:

– Diversity: Inspired by biological systems [23], cyber diversity is a general concept for introducing robustness and resilience into engineered systems by reducing common failure modes in redundant system components. That is, the goal is to avoid technology “monocultures” [44,53]. In cyber security systems, this is typically accomplished by introducing software or network variants appropriately [10,16,19,30].

– Randomization: One approach to introduce cyber diversity is to randomize specific components of an information system. Such randomization can be done at the low level of a system’s address space to defeat certain types of memory-based exploits [43], at the software level by generating multiple software variants through compiler randomization [30], instruction set randomization to defeat injected malware [9], or randomization of a network’s address space [26] or protocols [33], to give just a few examples.

– Moving Target Defenses: Motivated by the observation that a moving target is harder to hit than a fixed one, the general concept behind Moving Target Defenses in the cyber domain is that an information system that changes dynamically during its operation will be more difficult for an attacker to surveil, reverse engineer and ultimately exploit with sufficient degrees of persistence than a fixed target [27]. Randomization and diversity are two ways to implement moving target defenses but not all randomization and diversity techniques necessarily realize moving targets. That is because some implementations of diversity and randomization do not in fact change during execution or system recovery after an attack.

A basic goal of Moving Target techniques is to engineer systems that have homogeneous functionalities but dynamically different manifestations. Homogeneous functionality allows authorized use of networks and services in predictable, standardized ways while randomized manifestations make it difficult for attackers to
