http://dx.doi.org/10.4218/etrij.2019-0152

Honeypot game-theoretical model for defending against APT attacks with limited resources in cyber-physical systems

Tian, Wen (School of Automation, Nanjing University of Science and Technology)
Ji, Xiao-Peng (School of Automation, Nanjing University of Science and Technology)
Liu, Weiwei (School of Automation, Nanjing University of Science and Technology)
Zhai, Jiangtao (School of Electrics and Information Engineering, Jiangsu University of Science and Technology)
Liu, Guangjie (School of Automation, Nanjing University of Science and Technology)
Dai, Yuewei (School of Electrics and Information Engineering, Jiangsu University of Science and Technology)
Huang, Shuhua (School of Automation, Nanjing University of Science and Technology)
Publication Information
ETRI Journal, v.41, no.5, 2019, pp. 585-598
Abstract
A cyber-physical system (CPS) is a new mechanism controlled or monitored by computer algorithms that intertwine physical and software components. Advanced persistent threats (APTs) are stealthy, powerful, and well-funded attacks against CPSs; they integrate physical processes and have recently become an active research area. Existing offensive and defensive processes for APTs in CPSs are usually modeled with incomplete-information game theory. However, honeypots, which are effective defense mechanisms against security vulnerabilities, have not been widely adopted or modeled for defense against APT attacks in CPSs. In this study, a honeypot game-theoretical model that considers both low- and high-interaction modes is used to investigate the offensive and defensive interactions, so that defensive strategies against APTs can be optimized. In this model, human analysis and honeypot allocation costs are introduced as limited resources. We prove the existence of Bayesian Nash equilibrium strategies and obtain the optimal defensive strategy under limited resources. Finally, numerical simulations demonstrate that the proposed method is effective in obtaining the optimal defensive effect.
Keywords
advanced persistent threat; cyber security; game theory; honeypot; limited resources