Security mechanisms often require the active contribution of several parties. Using game theory, the possible strategic and selfish behaviors of parties in security mechanisms can be captured and analyzed. In other words, the game-theoretic study of security mechanisms can take into account the selfish considerations of individual agents and identify the conditions under which each possible strategy performs best. In this regard, we are working on how to model the behaviors of the different entities participating in a security scenario, as well as on designing useful defense mechanisms, for the following scenarios.
1. Modeling the interaction between a service provider and its client in the presence of an attacker
The increasing amount of generated data raises new challenges for processing data at large scale. Outsourcing computational jobs has been proposed to overcome the complexity and cost for applications that rely on big data processing. This trend has accelerated with the introduction of Cloud Computing.
Despite the huge benefits of this platform, it faces several challenges, of which security issues are the biggest. Although service providers (SPs) aim to secure their infrastructure against threats, it is likely that they face attackers. This issue becomes worse for the client, who cannot detect whether the service provider is compromised or not. As all of these entities are rational decision makers, game theory can help us model their interactions and guide the client in how to react in this system, given the underlying uncertainty about the type of the service provider. On the one hand, we can model the interaction between the service provider and the attacker as a non-cooperative normal form game. On the other hand, as the client faces uncertainty and must decide whether or not to rely on the service received from the SP, we can model the interaction between the client and the SP as a signaling game.
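The client's side of the signaling game described above, as an added illustration (not the research group's model): the client holds a prior belief about the SP's type, observes a signal the SP presents, updates the belief by Bayes' rule, and chooses the action with the higher expected payoff. The two SP types, the two signals, the payoff table, the prior and the signal likelihoods are all constructed placeholder values.

```python
"""Client best response in a signaling game against a service provider (SP)
whose type, honest or compromised, the client cannot observe.

Added illustration, not the research group's model.  The payoffs, the prior
and the signal likelihoods are constructed placeholder values.
"""

HONEST, COMPROMISED = "honest", "compromised"   # SP types chosen by Nature
TRUST, REJECT = "trust", "reject"               # client actions

# Assumed client payoff u[type][action].  Rejecting costs the same whatever
# the SP's type (the client forgoes the service); trusting pays off only
# when the SP is honest and is very costly when it is compromised.
CLIENT_PAYOFF = {
    HONEST:      {TRUST: 10.0,  REJECT: -2.0},
    COMPROMISED: {TRUST: -30.0, REJECT: -2.0},
}

# Assumed P(signal | type).  The signal is whatever evidence the SP presents
# (e.g. an audit report); a compromised SP can fake a strong one, but less often.
SIGNAL_LIKELIHOOD = {
    HONEST:      {"strong_audit": 0.9, "weak_audit": 0.1},
    COMPROMISED: {"strong_audit": 0.4, "weak_audit": 0.6},
}


def posterior_honest(prior_honest: float, signal: str) -> float:
    """Bayes update of the client's belief that the SP is honest."""
    num = prior_honest * SIGNAL_LIKELIHOOD[HONEST][signal]
    den = num + (1.0 - prior_honest) * SIGNAL_LIKELIHOOD[COMPROMISED][signal]
    return num / den


def expected_payoff(belief_honest: float, action: str) -> float:
    """Expected client payoff of `action` under belief `belief_honest`."""
    return (belief_honest * CLIENT_PAYOFF[HONEST][action]
            + (1.0 - belief_honest) * CLIENT_PAYOFF[COMPROMISED][action])


def best_response(prior_honest: float, signal: str):
    """Client action maximising expected payoff after observing `signal`,
    returned together with that expected payoff."""
    p = posterior_honest(prior_honest, signal)
    action = max((TRUST, REJECT), key=lambda a: expected_payoff(p, a))
    return action, expected_payoff(p, action)


def trust_threshold() -> float:
    """Belief in honesty at which trusting and rejecting are equally good;
    above it the client trusts, below it the client rejects.
    Solves p*(uTH - uRH) - (1-p)*(uRC - uTC) = 0 for p."""
    gain_if_honest = CLIENT_PAYOFF[HONEST][TRUST] - CLIENT_PAYOFF[HONEST][REJECT]
    loss_if_compromised = CLIENT_PAYOFF[COMPROMISED][REJECT] - CLIENT_PAYOFF[COMPROMISED][TRUST]
    return loss_if_compromised / (gain_if_honest + loss_if_compromised)


if __name__ == "__main__":
    print("trust threshold:", trust_threshold())
    for prior, signal in [(0.8, "strong_audit"), (0.8, "weak_audit"), (0.5, "strong_audit")]:
        print(prior, signal, "->", best_response(prior, signal))
```

With these numbers the client trusts only once its posterior belief in an honest SP exceeds 0.7; a strong audit signal is enough to cross that line from a prior of 0.8 but not from a prior of 0.5, which is the kind of threshold the signaling-game analysis is meant to locate.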
2. Moving Target Defense
Moving Target Defense (MTD) has recently been described as one of the game changers in security. By applying MTD, defenders are able to modify particular configurations in order to confuse attackers. Consequently, the attacker cannot find vulnerabilities and exploit them to launch attacks. In this work, we first propose a framework to analyze the advantages and drawbacks of MTD in any given system, considering the attack surface. Our framework helps designers find the optimal strategy to employ with MTD, given any new type of attack. We then define a novel mechanism to implement MTD in IPv6 networks. Our approach employs hash chains to change IP addresses periodically, in a way that prevents the attacker from easily finding the target. In comparison with similar approaches, our mechanism can be implemented transparently, such that the changes in IP address do not tear down ongoing connections. Moreover, the routers between sender and receiver cannot obtain enough information about the current IP address of a sender that uses our protocol. Finally, we compute the optimal timing of moves when the MTD mechanism is used. We elaborate on the FlipIt game (a formal game of stealthy takeover), considering the probability of successful attack and defense, and show how these parameters change the timing of defense with MTD. We believe that our results are a first step towards designing an efficient MTD protocol in computer networking.
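Two pieces of the MTD discussion above, as an added illustration rather than the research group's protocol or its FlipIt analysis. Part 1 derives a sequence of IPv6 addresses from a hash chain seeded with a secret shared by sender and receiver, so that both ends compute the same address for each time interval while a router that only sees addresses on the wire cannot predict the next one. Part 2 is a simplified FlipIt-style model for choosing the hop period against an attacker with a given success probability. The /64 prefix, the hop period, the rule that the receiver also accepts the previous interval's address, the Poisson attack model and the cost values are all assumptions made here.

```python
"""Hash-chain IPv6 address hopping and a hop-period model (added example, not
the research group's protocol).  Assumed: shared seed, /64 prefix, fixed hop
period, one-epoch grace rule, Poisson attack attempts with success probability q.
"""
import hashlib
import ipaddress
import math

# ---- Part 1: address hopping from a hash chain -------------------------

PREFIX = ipaddress.IPv6Network("2001:db8::/64")  # documentation prefix (constructed)
PERIOD_SECONDS = 60                               # assumed hop period


def hash_chain(seed: bytes, length: int) -> list:
    """k_0 = seed, k_{i+1} = SHA-256(k_i).  Both endpoints compute this from
    the shared seed; chain values themselves never appear on the wire."""
    chain = [seed]
    for _ in range(length - 1):
        chain.append(hashlib.sha256(chain[-1]).digest())
    return chain


def address_from_chain_value(k: bytes) -> ipaddress.IPv6Address:
    """Interface identifier = first 64 bits of SHA-256("iid" || k_i).
    A router that records this address learns 64 bits of a hash output,
    not k_i, so it cannot step the chain forward to the next address."""
    iid = int.from_bytes(hashlib.sha256(b"iid" + k).digest()[:8], "big")
    return ipaddress.IPv6Address(int(PREFIX.network_address) | iid)


def epoch_index(now: float, start: float, period: int = PERIOD_SECONDS) -> int:
    """Which hop interval the wall-clock time `now` falls into."""
    return int((now - start) // period)


class Hopper:
    """One endpoint of the hopping protocol (sender or receiver side)."""

    def __init__(self, seed: bytes, start: float, horizon: int):
        self.chain = hash_chain(seed, horizon)  # horizon = epochs precomputed
        self.start = start

    def address_at_epoch(self, i: int) -> ipaddress.IPv6Address:
        return address_from_chain_value(self.chain[i])

    def address_at(self, now: float) -> ipaddress.IPv6Address:
        return self.address_at_epoch(epoch_index(now, self.start))

    def accepts(self, addr: ipaddress.IPv6Address, now: float) -> bool:
        """Receiver-side check: the current epoch's address is accepted, and so
        is the previous one, so a connection set up just before a hop survives
        the address change (assumed grace rule)."""
        i = epoch_index(now, self.start)
        valid = {self.address_at_epoch(j) for j in (i - 1, i) if j >= 0}
        return addr in valid


# ---- Part 2: how often to hop (simplified FlipIt-style timing) --------

def defender_control_fraction(period: float, attack_rate: float, attack_success: float) -> float:
    """Assumed model: attack attempts arrive as a Poisson process of rate
    attack_rate, each succeeding with probability attack_success, so
    successful takeovers arrive at rate mu = attack_rate * attack_success.
    The defender hops every `period` time units and regains control on each
    hop.  Expected fraction of time under defender control is
    E[min(T, period)] / period with T ~ Exp(mu)."""
    mu = attack_rate * attack_success
    if mu == 0:
        return 1.0
    return (1.0 - math.exp(-mu * period)) / (mu * period)


def defender_benefit(period, attack_rate, attack_success, move_cost):
    """Control fraction minus the per-time cost of one hop per period."""
    return defender_control_fraction(period, attack_rate, attack_success) - move_cost / period


def best_period(candidates, attack_rate, attack_success, move_cost):
    """Candidate period with the highest defender benefit; a more successful
    attacker pushes the best period down."""
    return max(candidates, key=lambda d: defender_benefit(d, attack_rate, attack_success, move_cost))


if __name__ == "__main__":
    sender = Hopper(b"constructed-shared-seed", start=0.0, horizon=16)
    receiver = Hopper(b"constructed-shared-seed", start=0.0, horizon=16)
    print("epoch 0:", sender.address_at(10), " epoch 1:", sender.address_at(70))
    print("old address accepted during grace:", receiver.accepts(sender.address_at(10), 70))
    print("best hop period, q=0.5:", best_period([1, 2, 5, 10, 20, 50], 0.1, 0.5, 0.5))
    print("best hop period, q=1.0:", best_period([1, 2, 5, 10, 20, 50], 0.2, 1.0, 0.5))
```

Part 1 relies only on a pre-shared seed and loosely synchronised clocks; the grace window is what lets an existing flow keep working across a hop without the sender and receiver ever signalling the change on the wire. Part 2 deliberately ignores the defender's own failure probability and the attacker's ability to adapt, which is where the full FlipIt treatment differs from this sketch.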
3. Deception modeling
The number and complexity of cyber-attacks have been increasing steadily in recent years. Adversaries are targeting the communications and information systems (CIS) of government, military and industrial organizations, as well as critical infrastructures, and are willing to spend large amounts of money, time and expertise on reaching their goals. In addition, recent sophisticated insider attacks have resulted in the exfiltration of highly classified information to the public. The ability of current security solutions to address such attackers has been questioned openly. Deception techniques are valuable for monitoring enterprise networks and identifying attack preparation and subsequent exploitation. In such scenarios, the defender uses the attacker's incomplete information to deceive the attacker; in this work we model this situation as a game of incomplete information and derive the optimal behavior for both attacker and defender.
Moreover, in Cognitive Radio (CR), if a CR network is exposed to an intelligent adversary, the adversary can inject spoofed signals into the bands that are available to secondary users (SUs), so that the secondary users are deceived into believing that these bands are occupied by primary users (PUs) and must not be accessed. As a result, the bandwidth available to the CR network is reduced. In this work, we model the interaction between PUs, SUs and the adversary in order to improve the detection of primary user emulation attacks.
- Dr. Mohammad Hossein Manshaei
- Mohammad Taghi Adili
- Monireh Mohebbi Moghaddam
- Fatemeh Nouri
- Amin Mohammadi
- Sadegh Farhang
- Sepideh Ziaei