Game-Theoretical Model for Cyber-warfare Strategies
This study uses game theory to analyze cyber warfare, exploring strategic decision-making in cyber attack and defense under factors such as vulnerability disclosure, exploit generation, and uncertainty about adversaries. It outlines competitive scenarios, action sequences for zero-day vulnerabilities, and the potential impact of different strategies on national security. Real-world implications and past research findings are also discussed.
- Cyber-warfare
- Game theory
- National security
- Vulnerability disclosure
- Zero-day vulnerabilities
- Security
- Vulnerabilities
Presentation Transcript
How Shall We Play a Game? A Game-theoretical Model for Cyber-warfare Games
Tiffany Bao, Yan Shoshitaishvili, Fish Wang, Christopher Kruegel, Giovanni Vigna, David Brumley
Carnegie Mellon University, UC Santa Barbara

Cyber Grand Challenge (CGC)
First Place: $2,000,000
Second Place: $1,000,000
Third Place: $750,000

Strategy Matters
First Place: $2,000,000
Second Place: $1,000,000
Third Place: $750,000 if you choose to do nothing.

Real World
"The National Security Agency discloses 91% of the zero-day vulnerabilities that it discovers in software made and/or used in the U.S. to developers."
Admiral Michael Rogers, Director of the NSA

1. Action Sequence
For a zero-day vulnerability, a player chooses between two courses of action: Withhold and Attack, or Disclose and Patch.

1. Action Sequence
[Figure: # Vulnerable Machines over Patching Time. Y axis: # Vulnerable Machines (0 to 100); X axis: Time; one curve per player (Player 1, Player 2); annotation: Player 1 attacks Player 2.]

2. Uncertainty of the Other Players
Has another player discovered the vulnerability yet? How likely is another player to discover the vulnerability in the future?

3. Ricochet & Patch-based Exploit Generation (PEG)
The Ricochet attack: generate an exploit from a received exploit [1].
Patch-based Exploit Generation (PEG): generate an exploit from a received patch.
[1] T. Bao, Y. Shoshitaishvili, R. Wang and D. Brumley. Your Exploit is Mine: Automatic Shellcode Transplant for Remote Exploits. Proceedings of the 38th IEEE Symposium on Security and Privacy, 2017.
Previous Work
| | Action Sequence | Uncertainty of the other players | Ricochet + PEG |
| Cyber-hawk [2] | No | Yes | No |
| Schramm et al. [3] | Yes | No | No |
| Our Work | Yes | Yes | Yes |
[2] T. Moore, A. Friedman, and A. D. Procaccia. Would a cyber warrior protect us? Exploring trade-offs between attack and defense of information systems. In Proceedings of the Workshop on New Security Paradigms, pages 85-94, 2010.
[3] H. C. Schramm, D. L. Alderson, W. M. Carlyle, and N. B. Dimitrov. A game theoretic model of strategic conflict in cyberspace. Military Operations Research, 19(1):5-17, 2014.

Our Work: the Cyber-warfare Model
Scope: one vulnerability; independent and rational players.
Outline: one player (the player model); multiple players (the game model); Nash equilibrium.
Player Model
[Diagram: a player knowing a zero-day vulnerability chooses a player action, which affects the players' machines.]

Player Model
Ways a player comes to know the vulnerability: discover it by itself; observe a disclosure from the others; detect exploits from the others.

Player Model
Exploit generation: Patch-based Exploit Generation (from an observed disclosure); the Ricochet attack (from a detected exploit).

Player Parameters
[Diagram: the player model annotated with its parameters: discover by self, observe disclosure from the others, detect exploits from the others; exploit generation (Patch-based Exploit Generation, the Ricochet attack); actions Attack and Patch; the player's machines.]

Player State and Player Action
Player states: Not Discovered a zero-day vulnerability; Discovered a zero-day vulnerability.
Player actions: Not Discovered: Nop; Discovered: Attack, Patch, Stockpile.

Player State and Player Action
[Flow: Not discovered -> Collect Information; Discovered -> Make a Decision -> Attack / Stockpile / Patch / Nop -> End.]
Multiple Players
[Diagram: Player 1 and Player 2, each in state Not discovered (action Nop) or Discovered (actions Attack, Stockpile, Patch); the joint actions of the two players.]

Rounded Game: Game Tree
[Diagram: game tree in which Player 1 moves (Nop, Attack, Stockpile, Patch), then Player 2 moves; joint-action leaves A,N; S,N; P,N.]

Stochastic Game
[Diagram: transitions between joint-action states N,N; S,N; P,N; A,N.]

Incomplete Information
[Diagram: the Multiple Players matrix again; each player sees its own state (Not discovered / Discovered) but not the other's.]

Player 1's Perspective
[Diagram: Player 1 knows its own state and actions (Attack, Stockpile, Patch, Nop) but not whether Player 2 has discovered the vulnerability.]

Player 2's Perspective
[Diagram: Player 2 knows its own state and actions (Attack, Stockpile, Patch, Nop) but not whether Player 1 has discovered the vulnerability.]

Ricochet + PEG
[Diagram: Player 1 and Player 2, each with exploit generation capabilities: Automatic Patch-based Exploit Generation and the Ricochet Attack.]

Ricochet
[Diagram: one player attacks; the other receives the exploit, feeds it into the Ricochet Attack, and attacks back.]

Patch-based Exploit Generation
[Diagram: one player patches; the other observes the patch, feeds it into Automatic Patch-based Exploit Generation, and attacks.]
Game Model
Therefore, we model the game as a stochastic game with incomplete information: a Partial-observation Stochastic Game (POSG).

Computing Nash Equilibrium
Nash equilibrium: the strategy profile in which every player plays its optimal strategy given the others'. Computing the Nash equilibrium of a POSG is known to be intractable [4].
[4] L. MacDermed, C. L. Isbell, and L. Weiss. Markov games of incomplete information for multi-agent reinforcement learning. In Workshops at the Twenty-Fifth AAAI Conference on Artificial Intelligence, pages 43-51, 2011.

Computing Nash Equilibrium
For the Cyber-warfare game, we observe: players infer the other player's state from that player's parameters. Assuming the parameters are accessible, the inference is public as well. Hence we convert the POSG to a Stochastic Game (SG) and compute the Nash equilibrium of the SG using the Shapley method (dynamic programming).
Evaluation 1: Review Previous Conclusions
| | Action Sequence | Uncertainty of the other players | Ricochet + PEG | Conclusion |
| Cyber-hawk [2] | No | Yes | No | At least one player wants to attack. |
| Schramm et al. [3] | Yes | No | No | The attacking player(s) should attack right away. |
| Our Work | Yes | Yes | Yes | It is possible that neither player wants to attack. |
[2] T. Moore, A. Friedman, and A. D. Procaccia. Would a cyber warrior protect us? Exploring trade-offs between attack and defense of information systems. In Proceedings of the Workshop on New Security Paradigms, pages 85-94, 2010.
[3] H. C. Schramm, D. L. Alderson, W. M. Carlyle, and N. B. Dimitrov. A game theoretic model of strategic conflict in cyberspace. Military Operations Research, 19(1):5-17, 2014.

Neither Player Attacks
[Figure: # Vulnerable Machines (0 to 20) per Round (0 to 12) for Player 1 and Player 2; Player 1 discovers the vulnerability at round 0; Player 2 generates the exploit at round 3.]
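As an added illustration of the Ricochet/PEG dynamics (slide 3) and of the "neither player attacks" outcome above, not code from the paper or its authors: a deliberately simplified, deterministic round model in which Player 1 commits to one action and a reactive Player 2 patches from the round it learns of the vulnerability and attacks once it holds an exploit. The machine counts, patch rate, delays and the attack_patch_lag parameter are constructed assumptions, not the paper's model.

```python
from dataclasses import dataclass

ACTIONS = ("attack", "patch", "stockpile")  # the slides' Attack / Patch / Stockpile

@dataclass
class Params:                  # all values are constructed assumptions, not the paper's
    machines: float = 100.0    # machines per player, all vulnerable at round 0
    patch_rate: float = 0.5    # fraction of remaining vulnerable machines patched per round
    ricochet_delay: int = 1    # rounds (>= 1) to turn a received exploit into one's own
    peg_delay: int = 3         # rounds (>= 1) to build an exploit from an observed patch
    attack_patch_lag: int = 2  # rounds an attacker keeps exploiting before it starts patching
    horizon: int = 6           # rounds simulated

def payoff(action: str, p: Params) -> float:
    """Player 1 knows the zero-day and commits to `action` at round 0. Player 2 does
    not know it; it learns only by receiving an exploit (Ricochet) or observing a
    patch (PEG), patches from the round it learns, and attacks once it holds an
    exploit. Returns Player 1's payoff: machine-rounds of damage dealt minus received."""
    v1 = v2 = p.machines                  # vulnerable machines of Player 1 / Player 2
    p1_patching = action == "patch"
    p2_exploit_at = None                  # first round in which Player 2 can attack
    total = 0.0
    for t in range(p.horizon):
        if action == "attack" and t == p.attack_patch_lag:
            p1_patching = True            # the attacker eventually protects itself too
        if action == "attack":
            total += v2                   # damage dealt this round
            if p2_exploit_at is None:     # exploit received -> Ricochet
                p2_exploit_at = t + p.ricochet_delay
        elif p1_patching and p2_exploit_at is None:
            p2_exploit_at = t + p.peg_delay   # patch observed -> PEG
        if p2_exploit_at is not None and t >= p2_exploit_at:
            total -= v1                   # damage received this round
        if p1_patching:
            v1 *= 1 - p.patch_rate
        if p2_exploit_at is not None:     # Player 2 patches from the round it learns
            v2 *= 1 - p.patch_rate
    return total

def best_action(p: Params) -> str:
    """Player 1's best committed action against this reactive Player 2."""
    return max(ACTIONS, key=lambda a: payoff(a, p))

if __name__ == "__main__":
    # A fast Ricochet makes attacking worse than stockpiling (doing nothing); a slow
    # one restores the "attack right away" conclusion of the earlier models.
    for d in (1, 2, 3):
        p = Params(ricochet_delay=d)
        print(d, {a: round(payoff(a, p), 3) for a in ACTIONS}, "->", best_action(p))
```

With the default parameters and ricochet_delay=1, attacking scores -90.625 and patching -21.875 against 0 for stockpiling, so the committed best action is to do nothing; at ricochet_delay=3 attacking scores 109.375 and wins.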
Evaluation 2: Cyber Grand Challenge
Strategic-Shellphish: Shellphish + a strategy based on the Cyber-warfare model. Consider all the teams as one player.
[Figure: Score by team, sorted by score (teams A, C', B, C, D, E, F, G; Y axis 210000 to 280000). Strategic-Shellphish: 268543; Shellphish: 254452.]

Conclusion
The Cyber-warfare game addresses the limitations of previous work regarding: actions over time; Ricochet and Patch-based exploit generation; uncertainty of the other player.
We find a method to compute the Nash equilibrium of the Cyber-warfare game.
Applications: we observe that Ricochet may lead to neither player attacking; we could help teams such as Shellphish score higher.

Questions?

Multiple Players: Actions over Time
[Timeline: T0, T1, T2, T3.]
T0. A vulnerability is introduced.
T1. Player 1 realizes the vulnerability.
T2. Player 1 launches an attack.
T3. Player 1 starts to patch and Player 2 realizes the vulnerability.