This work examines propagation of cyber-threats over networks under an adversarial formulation. Exploiting Kendall's birth-death-immigration model, we propose an analytical framework to describe the stochastic dynamics of cyber-threat propagation in a collection of heterogeneous sub-networks characterized by different attributes. We propose two formalisations of the problem as zero-sum games involving two adversaries: an attacker, who launches cyber-threats across the distinct sub-networks; and a defender, who tries to mitigate the threats by delivering suitable countermeasures. According to the first formalisation, the interplay between the defender and the attacker is modelled as a Stackelberg leader-follower game, while the second formalisation considers a strategic game wherein the two contenders play simultaneously without knowing the choice of the other player. We derive the equilibrium strategies for both versions of the game, and discuss a number of insightful interplays and ramifications of the different equilibrium points for the problem at hand. The equilibrium strategies depend on three fundamental attributes: i ) the available resource budget of the attacker and the defender; ii ) the capacity of the legitimate nodes to (unintentionally) forward the threat across the network, after they have been compromised during the propagation of the threat; iii ) the intrinsic characteristics of the sub-networks, namely, their immunity to the attacks, their inertia in responding to the countermeasures, and the importance of the individual sub-networks. The relevance of the proposed solution is illustrated through a series of examples and numerical simulations.
Adversarial Kendall's Model towards Containment of Distributed Cyber-Threats
Addesso P.;Barni M.;Di Mauro M.;Matta V.
2021-01-01
Abstract
This work examines propagation of cyber-threats over networks under an adversarial formulation. Exploiting Kendall's birth-death-immigration model, we propose an analytical framework to describe the stochastic dynamics of cyber-threat propagation in a collection of heterogeneous sub-networks characterized by different attributes. We propose two formalisations of the problem as zero-sum games involving two adversaries: an attacker, who launches cyber-threats across the distinct sub-networks; and a defender, who tries to mitigate the threats by delivering suitable countermeasures. According to the first formalisation, the interplay between the defender and the attacker is modelled as a Stackelberg leader-follower game, while the second formalisation considers a strategic game wherein the two contenders play simultaneously without knowing the choice of the other player. We derive the equilibrium strategies for both versions of the game, and discuss a number of insightful interplays and ramifications of the different equilibrium points for the problem at hand. The equilibrium strategies depend on three fundamental attributes: i ) the available resource budget of the attacker and the defender; ii ) the capacity of the legitimate nodes to (unintentionally) forward the threat across the network, after they have been compromised during the propagation of the threat; iii ) the intrinsic characteristics of the sub-networks, namely, their immunity to the attacks, their inertia in responding to the countermeasures, and the importance of the individual sub-networks. The relevance of the proposed solution is illustrated through a series of examples and numerical simulations.I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.