FlipThem: Modeling targeted attacks with FlipIt for multiple resources

被引：47

作者：

Laszka, Aron ^{[1
]}

Horvath, Gabor ^{[2
]}

Felegyhazi, Mark ^{[2
]}

Buttyán, Levente ^{[2
]}

机构：

[1] Institute for Software Integrated Systems (ISIS), Vanderbilt University, Nashville

[2] Department of Networked Systems and Services (HIT), Budapest University of Technology and Economics (BME), Budapest

来源：

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) | 2014年 / 8840卷

基金：

美国国家科学基金会;

关键词：

Advanced persistent threats; Attacker-defender games; FlipIt; Game theory; Targeted attacks;

D O I：

10.1007/978-3-319-12601-2_10

中图分类号：

学科分类号：

摘要：

Recent high-profile targeted attacks showed that even the most secure and secluded networks can be compromised by motivated and resourceful attackers, and that such a system compromise may not be immediately detected by the system owner. Researchers at RSA proposed the FlipIt game to study the impact of such stealthy takeovers. In the basic FlipIt game, an attacker and a defender fight over a single resource; in practice, however, systems typically consist of multiple resources that can be targeted. In this paper, we present FlipThem, a generalization of FlipIt to multiple resources. To formulate the players’ goals and study their best strategies, we introduce two control models: in the AND model, the attacker has to compromise all resources in order to take over the entire system, while in the OR model, she has to compromise only one. Our analytical and numerical results provide practical recommendations for defenders. © Springer International Publishing Switzerland 2014.

引用

页码：175 / 194

页数：19

共 20 条

[1] Bowers K.D., Van Dijk M., Griffin R., Juels A., Oprea A., Rivest R.L., Triandopoulos N., Defending against the unknown enemy: Applying flipIt to system security, GameSec 2012. LNCS, 7638, pp. 248-263, (2012)
[2] (2011)
[3] Van Dijk M., Juels A., Oprea A., Rivest R.L., FlipIt: The game of “stealthy takeover”. Cryptology ePrint Archive, (2012)
[4] Falliere N., Murchu L.O., Chien E., W32.Stuxnet Dossier, (2011)
[5] Finkle J., Shalal-Esa A., Hackers breached U.S. defense contractors
[6] Grossklags J., Reitter D., How task familiarity and cognitive predispositions impact behavior in a security game of timing, Proceedings of the 27th IEEE Computer Security Foundations Symposium, (2014)
[7] (2012)
[8] (2013)
[9] Laszka A., Felegyhazi M., Buttyan L., A survey of interdependent security games. Tech. Rep, (2012)
[10] Laszka A., Horvath G., Felegyhazi M., Buttyan L., FlipThem: Modeling targeted attacks with FlipIt for multiple resources

← 1 2 →