Attacker-Centric View of a Detection Game against Advanced Persistent Threats

Keywords: Adversary, Malware, Computer networks
Authors
Liang Xiao,Dongjin Xu,Narayan B. Mandayam,H. Vincent Poor
Source
Journal: IEEE Transactions on Mobile Computing [IEEE Computer Society]
Volume/Issue: 17 (11): 2512-2523   Citations: 26
Identifier
DOI: 10.1109/tmc.2018.2814052
Abstract

Advanced persistent threats (APTs) are a major threat to cyber-security, causing significant financial and privacy losses each year. In this paper, cumulative prospect theory (CPT) is applied to study the interactions between a cyber system and an APT attacker when each of them makes subjective decisions to choose their scan interval and attack interval, respectively. Both the probability distortion effect and the framing effect are applied to model the deviation of subjective decisions of end-users from the objective decisions governed by expected utility theory, under uncertain attack durations in a pure-strategy game and scan interval in a mixed-strategy game. The CPT-based APT detection game incorporates both the probability weighting distortion and the framing effect of the subjective attacker and security agent of the cyber system, rather than discrete decision weights, as in earlier prospect theoretic study of APT detection. The Nash equilibria of the APT detection game are derived, showing that a subjective attacker becomes risk-seeking if the frame of reference for evaluating the utility is large, and becomes risk-averse if the frame of reference for evaluating the utility is small. A policy hill-climbing (PHC) based detection scheme is proposed to increase the policy uncertainty to fool the attacker in the dynamic game, and a “hotbooting” technique that exploits experiences in similar scenarios to initialize the quality values is developed to accelerate the learning speed of PHC-based detection. A practical example of a mobile network is presented to evaluate the performance of the proposed detection strategy. Simulation results show that the proposed strategy can improve detection performance with a higher data protection level and utilities of the cloud in the presence of an attacker compared with a standard Q-learning strategy.
