skip to main content

Title: Efficient Network Protection Games Against Multiple Types Of Strategic Attackers
This paper considers network protection games against different types of attackers for a heterogeneous network system with N units. A defender, by applying resources to networked units, can decrease the units’ vulnerabilities. At the same time, the defender needs to take into account the cost of using defense resources. Two non-zero sum Nash games against two different types of attackers are studied. The first type tries to maximize damage based on the value of security assets related to networked units, while the second type aims at infiltrating the network. The analyses show that there exists a cut-off index determining the set of units that will be protected in the equilibrium strategies of the first game, while either all units or none will be covered in the equilibria of the second game. An application of the network protection game to secure wireless communication networks is presented.
Award ID(s):
Publication Date:
Journal Name:
2021 IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP)
Page Range or eLocation-ID:
pp. 2620 - 2624,
Sponsoring Org:
National Science Foundation
More Like this
  1. Considered is a network of parallel wireless channels in which individual parties are engaged in secret communication under the protection of cooperative jamming. A strategic eavesdropper selects the most vulnerable channels to attack. Existing works usually suggest the defender allocate limited cooperative jamming power to various channels. However, it usually requires some strong assumptions and complex computation to find such an optimal power control policy. This paper proposes a probabilistic cooperative jamming scheme such that the defender focuses on protecting randomly selected channels. Two different cases regarding each channel’s eavesdropping capacity are discussed. The first case studies the general scenario where each channel has different eavesdropping capacity. The second case analyzes an extreme scenario where all channels have the same eavesdropping capacity. Two non-zero-sum Nash games model the competition between the network defender and an eavesdropper in each case. Furthermore, considering the case that the defender does not know the eavesdropper’s channel state information (CSI) leads to a Bayesian game. For all three games, we derive conditions for the existence of a unique Nash equilibrium (NE), and obtain the equilibria and the value functions in closed form.
  2. With the increasing penetration of cyber systems in the power grid, it is becoming increasingly imperative to deploy adequate security measures all across the grid to secure it against any kind of cyber threat. Since financial resources for investment in security are limited, optimal allocation of these cybersecurity resources in the grid is extremely important. At the same time, optimization of these investments proves to be challenging due to the uncertain behavior of attackers and the dynamically changing threat landscape. Existing solutions for this problem either do not address the dynamic behavior of adversaries or lack in the practical feasibility of the defense models. This paper addresses the problem of optimizing investment strategies in the cybersecurity infrastructure of a smart grid using a game-theoretic approach. The attacker is modeled using various attacker profiles which represent the possible types of adversaries in the context of CPS. Each profile has certain characteristics to bring out the aspect of uncertain behavior of the adversaries. The defender is modeled with various pragmatic characteristics that can be easily translated to the real-world grid scenarios for implementation. These characteristics include the standards laid down by the North American Electric Reliability Corporation (NERC) for Critical Infrastructure Protectionmore »(CIP) commonly known as the NERC-CIP standards. The game-theoretic framework allows us to obtain optimal strategies that the defender of the grid can adopt to minimize its losses against the possible attack threats on the grid. The concept is illustrated by a simplistic 3-bus power system model case study which depicts how the solution can be translated to practical implementation in the actual grid.« less
  3. Most of the cybersecurity research focus on either presenting a specific vulnerability %or hacking technique, or proposing a specific defense algorithm to defend against a well-defined attack scheme. Although such cybersecurity research is important, few have paid attention to the dynamic interactions between attackers and defenders, where both sides are intelligent and will dynamically change their attack or defense strategies in order to gain the upper hand over their opponents. This 'cyberwar' phenomenon exists among most cybersecurity incidents in the real world, which warrants special research and analysis. In this paper, we propose a dynamic game theoretic framework (i.e., hyper defense) to analyze the interactions between the attacker and the defender as a non-cooperative security game. The key idea is to model attackers/defenders to have multiple levels of attack/defense strategies that are different in terms of effectiveness, strategy costs, and attack gains/damages. Each player adjusts his strategy based on the strategy's cost, potential attack gain/damage, and effectiveness in anticipating of the opponent's strategy. We study the achievable Nash equilibrium for the attacker-defender security game where the players employ an efficient strategy according to the obtained equilibrium. Furthermore, we present case studies of three different types of network attacks and putmore »forth how our hyper defense system can successfully model them. Simulation results show that the proposed game theoretical system achieves a better performance compared to two other fixed-strategy defense systems.« less
  4. d. Many of the infrastructure sectors that are considered to be crucial by the Department of Homeland Security include networked systems (physical and temporal) that function to move some commodity like electricity, people, or even communication from one location of importance to another. The costs associated with these flows make up the price of the network’s normal functionality. These networks have limited capacities, which cause the marginal cost of a unit of flow across an edge to increase as congestion builds. In order to limit the expense of a network’s normal demand we aim to increase the resilience of the system and specifically the resilience of the arc capacities. Divisions of critical infrastructure have faced difficulties in recent years as inadequate resources have been available for needed upgrades and repairs. Without being able to determine future factors that cause damage both minor and extreme to the networks, officials must decide how to best allocate the limited funds now so that these essential systems can withstand the heavy weight of society’s reliance. We model these resource allocation decisions using a two-stage stochastic program (SP) for the purpose of network protection. Starting with a general form for a basic two-stage SP, wemore »enforce assumptions that specify characteristics key to this type of decision model. The second stage objective—which represents the price of the network’s routine functionality—is nonlinear, as it reflects the increasing marginal cost per unit of additional flow across an arc. After the model has been designed properly to reflect the network protection problem, we are left with a nonconvex, nonlinear, nonseparable risk-neutral program. This research focuses on key reformulation techniques that transform the problematic model into one that is convex, separable, and much more solvable. Our approach focuses on using perspective functions to convexify the feasibility set of the second stage and second order conic constraints to represent nonlinear constraints in a form that better allows the use of computational solvers. Once these methods have been applied to the risk-neutral model we introduce a risk measure into the first stage that allows us to control the balance between an efficient, solvable model and the need to hedge against extreme events. Using Benders cuts that exploit linear separability, we give a decomposition and solution algorithm for the general network model. The innovations included in this formulation are then implemented on a transportation network with given flow demand« less
  5. This work proposes a moving target defense (MTD) strategy to detect coordinated cyber-physical attacks (CCPAs) against power grids. A CCPA consists of a physical attack, such as disconnecting a transmission line, followed by a coordinated cyber attack that injects false data into the sensor measurements to mask the effects of the physical attack. Such attacks can lead to undetectable line outages and cause significant damage to the grid. The main idea of the proposed approach is to invalidate the knowledge that the attackers use to mask the effects of the physical attack by actively perturbing the grid’s transmission line reactances using distributed flexible AC transmission system (D-FACTS) devices. We identify the MTD design criteria in this context to thwart CCPAs. The proposed MTD design consists of two parts. First, we identify the subset of links for D-FACTS device deployment that enables the defender to detect CCPAs against any link in the system. Then, in order to minimize the defense cost during the system’s operational time, we use a game-theoretic approach to identify the best subset of links (within the D-FACTS deployment set) to perturb which will provide adequate protection. Extensive simulations performed using the MATPOWER simulator on IEEE bus systemsmore »verify the effectiveness of our approach in detecting CCPAs and reducing the operator’s defense cost.« less