Attacker-Centric View of a Detection Game against Advanced Persistent Threats

对手 恶意软件 计算机网络
作者
Liang Xiao,Dongjin Xu,Narayan B. Mandayam,H. Vincent Poor
出处
期刊:IEEE Transactions on Mobile Computing [IEEE Computer Society]
卷期号:17 (11): 2512-2523 被引量:26
标识
DOI:10.1109/tmc.2018.2814052
摘要

Advanced persistent threats (APTs) are a major threat to cyber-security, causing significant financial and privacy losses each year. In this paper, cumulative prospect theory (CPT) is applied to study the interactions between a cyber system and an APT attacker when each of them makes subjective decisions to choose their scan interval and attack interval, respectively. Both the probability distortion effect and the framing effect are applied to model the deviation of subjective decisions of end-users from the objective decisions governed by expected utility theory, under uncertain attack durations in a pure-strategy game and scan interval in a mixed-strategy game. The CPT-based APT detection game incorporates both the probability weighting distortion and the framing effect of the subjective attacker and security agent of the cyber system, rather than discrete decision weights, as in earlier prospect theoretic study of APT detection. The Nash equilibria of the APT detection game are derived, showing that a subjective attacker becomes risk-seeking if the frame of reference for evaluating the utility is large, and becomes risk-averse if the frame of reference for evaluating the utility is small. A policy hill-climbing (PHC) based detection scheme is proposed to increase the policy uncertainty to fool the attacker in the dynamic game, and a “hotbooting” technique that exploits experiences in similar scenarios to initialize the quality values is developed to accelerate the learning speed of PHC-based detection. A practical example of a mobile network is presented to evaluate the performance of the proposed detection strategy. Simulation results show that the proposed strategy can improve detection performance with a higher data protection level and utilities of the cloud in the presence of an attacker compared with a standard Q-learning strategy.

科研通智能强力驱动
Strongly Powered by AbleSci AI
科研通是完全免费的文献互助平台,具备全网最快的应助速度,最高的求助完成率。 对每一个文献求助,科研通都将尽心尽力,给求助人一个满意的交代。
实时播报
壮壮应助sadascaqwqw采纳,获得10
1秒前
矿泉水发布了新的文献求助10
2秒前
3秒前
4秒前
深情安青应助mao采纳,获得10
5秒前
kkkk发布了新的文献求助10
7秒前
青山发布了新的文献求助10
8秒前
梅代匕花发布了新的文献求助10
10秒前
科研通AI6.2应助lxl采纳,获得10
10秒前
张匀继完成签到 ,获得积分10
10秒前
排金鑫发布了新的文献求助10
10秒前
充电宝应助aojl90采纳,获得10
10秒前
11秒前
11秒前
11秒前
12秒前
Yiy完成签到 ,获得积分0
12秒前
酷波er应助haowang采纳,获得10
12秒前
13秒前
思源应助斯文觅云采纳,获得10
15秒前
16秒前
17秒前
mao发布了新的文献求助10
17秒前
慕青应助666采纳,获得10
17秒前
18秒前
alice完成签到,获得积分10
18秒前
坚定铸海完成签到,获得积分10
19秒前
繁荣的以晴完成签到 ,获得积分10
19秒前
Levi发布了新的文献求助10
19秒前
20秒前
Xue_wenqiang完成签到,获得积分10
21秒前
21秒前
22秒前
梅代匕花发布了新的文献求助10
22秒前
科研通AI6.4应助如意的醉蓝采纳,获得100
23秒前
haowang发布了新的文献求助10
23秒前
思源应助七七采纳,获得10
23秒前
24秒前
哒丝萌德发布了新的文献求助10
24秒前
慕青应助小小白采纳,获得10
24秒前
高分求助中
Principles of Economics, 11th Edition 10000
University Physics with Modern Physics, 16th edition 10000
(应助此贴封号)【重要!!请各用户(尤其是新用户)详细阅读】【科研通的精品贴汇总】 10000
Environmental Leverage in Times of Climate Crisis: Product Standards, Carbon Border Measures and Preferential Trade Agreements 1000
Matrix Methods in Data Mining and Pattern Recognition 510
Social Skills Improvement System-Rating Scales--Chinese Version 500
Dynamische Polarisation von H-1 und B-11 in (CH-3)-3NBH-3 500
热门求助领域 (近24小时)
化学 材料科学 医学 生物 纳米技术 工程类 有机化学 化学工程 生物化学 计算机科学 内科学 物理 复合材料 催化作用 细胞生物学 无机化学 光电子学 物理化学 电极 基因
热门帖子
关注 科研通微信公众号,转发送积分 7221630
求助须知:如何正确求助?哪些是违规求助? 8851192
关于积分的说明 18677616
捐赠科研通 6880004
什么是DOI,文献DOI怎么找? 3187169
关于科研通互助平台的介绍 2351243
邀请新用户注册赠送积分活动 2161388