This work examines propagation of cyber-threats over networks under an adversarial formulation. Exploiting Kendall's birth-death-immigration model, we propose an analytical framework to describe the stochastic dynamics of cyber-threat propagation in a collection of heterogeneous sub-networks characterized by different attributes. We propose two formalisations of the problem as zero-sum games involving two adversaries: an attacker, who launches cyber-threats across the distinct sub-networks; and a defender, who tries to mitigate the threats by delivering suitable countermeasures. According to the first formalisation, the interplay between the defender and the attacker is modelled as a Stackelberg leader-follower game, while the second formalisation considers a strategic game wherein the two contenders play simultaneously without knowing the choice of the other player. We derive the equilibrium strategies for both versions of the game, and discuss a number of insightful interplays and ramifications of the different equilibrium points for the problem at hand. The equilibrium strategies depend on three fundamental attributes: i ) the available resource budget of the attacker and the defender; ii ) the capacity of the legitimate nodes to (unintentionally) forward the threat across the network, after they have been compromised during the propagation of the threat; iii ) the intrinsic characteristics of the sub-networks, namely, their immunity to the attacks, their inertia in responding to the countermeasures, and the importance of the individual sub-networks. The relevance of the proposed solution is illustrated through a series of examples and numerical simulations.

Adversarial Kendall's Model towards Containment of Distributed Cyber-Threats

Addesso P.;Barni M.;Di Mauro M.;Matta V.
2021-01-01

Abstract

This work examines propagation of cyber-threats over networks under an adversarial formulation. Exploiting Kendall's birth-death-immigration model, we propose an analytical framework to describe the stochastic dynamics of cyber-threat propagation in a collection of heterogeneous sub-networks characterized by different attributes. We propose two formalisations of the problem as zero-sum games involving two adversaries: an attacker, who launches cyber-threats across the distinct sub-networks; and a defender, who tries to mitigate the threats by delivering suitable countermeasures. According to the first formalisation, the interplay between the defender and the attacker is modelled as a Stackelberg leader-follower game, while the second formalisation considers a strategic game wherein the two contenders play simultaneously without knowing the choice of the other player. We derive the equilibrium strategies for both versions of the game, and discuss a number of insightful interplays and ramifications of the different equilibrium points for the problem at hand. The equilibrium strategies depend on three fundamental attributes: i ) the available resource budget of the attacker and the defender; ii ) the capacity of the legitimate nodes to (unintentionally) forward the threat across the network, after they have been compromised during the propagation of the threat; iii ) the intrinsic characteristics of the sub-networks, namely, their immunity to the attacks, their inertia in responding to the countermeasures, and the importance of the individual sub-networks. The relevance of the proposed solution is illustrated through a series of examples and numerical simulations.
2021
File in questo prodotto:
Non ci sono file associati a questo prodotto.

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11386/4782343
 Attenzione

Attenzione! I dati visualizzati non sono stati sottoposti a validazione da parte dell'ateneo

Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 15
  • ???jsp.display-item.citation.isi??? 11
social impact