5th 2018 International Conference on “Computing for Sustainable Global Development”, 14th – 18th March, 2018
Bharati Vidyapeeth’s Institute of Computer Applications and Management (BVICAM), New Delhi (INDIA)
Proceedings of the 12th INDIACom; INDIACom-2018

Abstract – The threat of an impending cyber war entails an ever more pervasive network for military and governance, where attacks by nation-states are very sophisticated and persistent. Quantification of cyber threats is required in the cyber warfare domain so that a proper decision and assessment framework can be built for the attacker as well as the defender for analysis and planning.

This paper presents research towards building a decision support system (DSS) for an attacker when multiple options are available. The same model can be employed by a defender to do proactive analysis of the attacker's behavior so as to deploy resources effectively. In this paper, we show how attack graphs can be used to depict any possible multi-host, multi-stage cyber-attacks. Further, we present a game theoretic model to analyze, at each node of the graph, how the defender can strategize against the attacks to defend the cyber assets in the most efficient ways.

Keywords – Adjacency Matrix, Attack Graph, CVSS score, Game Theory, Nash Equilibrium, Lemke Howson algorithm, Mixed Strategy

I. INTRODUCTION

In today’s world, modernization of armed forces (more specifically command and control), digitization of governance and interconnection of SCADA have increased the usage of networked communications, which has made it indispensable to protect cyber assets more than ever before. It also leads to a situation where, if an attacker gets hold of one machine, it is very likely that (s)he would try to compromise more machines by breaking through the target network. More so when a nation state is involved, as in cyber war, the attack becomes more persistent and the attack vector more sophisticated. For studying such multi-stage, multi-host attacks, Phillips and Swiler [1] proposed the concept of network attack graphs. An attack graph enumerates the target network, with its cyber and network entities as nodes and connections as edges. Its analysis can elucidate different approaches to reach and attack the target resources. These approaches are fundamentally vulnerability-exploit chains formed by a sequence of exploitation of multiple vulnerabilities of intermediary nodes. Different vulnerability-exploit chains may serve different objectives of the attacker and can pose serious threats to the target network. In real networks there are many interconnected nodes and hence there are multiple vulnerability-exploit chains, and when these chains are combined for analysis, they form an attack graph.

The security analyst may employ various attack graph generating tools to gain deep insight into the vulnerabilities of one's own system and network, advance knowledge of the different paths or ways in which her/his network can be attacked or the most probable attack route to penetrate the network, and a statistical view of which attack paths are mostly taken by any attacker. But the drawback here is that as we add nodes in a network, the possible attack paths increase exponentially, which renders this approach practically infeasible, at least for human capability.

At this stage, employing a game theoretic model [2] may provide numerous advantages. For one, game theory resolves the problem of examining exponentially numerous scenarios as it provides such capability. Next, it provides a framework for coming up with options for the next course of action with a quantitative measure for the outcome of each action. Hence, it provides a good quantitative analytical framework for a DSS. Third, it provides a platform for comparison of different policies or plans by comparative analysis of decision points, which can be employed in a real warfare scenario [3].

When an attacker is at node i and it is possible for him to reach, say, three different nodes from node i, then we investigate the application of game theory in analyzing the decision processes involved in the competitive scenario between the attacker and the defender for each of those three system nodes. We model this scenario at each node as a non-cooperative, non-zero-sum game between the two players, i.e. the defender and the attacker. We will demonstrate a matrix game between the 2 players in which the payoffs of the players will be assigned in accordance with the results of a vulnerability scoring engine (CVSS) [4], which assigns a severity score to each vulnerability scanned by a vulnerability scanner software called NESSUS [5]. We will compute the equilibrium strategies at each node of the matrix game using a program we developed in MATLAB [6]. With the help of our model, the attacker can have a decision support system for choosing alternatives and the defender will try to deploy its major defence resources effectively in its network to provide maximum security when and where required.

We start with a brief introduction and the requirement for such research; in section II we delve upon related research works. Section III explains the linkage of the attack graph to our present research and section IV explains the model we developed, including game theoretic analysis of the attack graph. Section V explains the progress of the game and how the mixed strategy Nash Equilibrium is relevant to cyber war. In section VI we have concluded the paper and touched upon how the research can be made more advanced in the near future.

and came up with optimal action for both attacker and defender for network security. Stackelberg game models have been used for analyzing attacker’s adaptive behavior [15] and have also been used in conjunction with multi-criteria decision process to predict attacker’s next move by updating the learning based on attacker’s current moves [16] [17]. In addition to game theory

vulnerability e.g. open ports and exploitation capability to leverage those vulnerabilities.

Network connectivity can be mapped using network enumeration tools like Zenmap. It gives a glimpse of interconnectivity among nodes and can help build the adjacency matrix.

N0  0 1 0 1 1 0 0 0 0 0 0
N1  0 0 0 0 0 0 0 1 0 0 0
N2  0 0 0 0 0 0 0 0 0 0 0
Vulnerability of a network system can be at network level, host level or at application level, which can provide different access levels to the system. NESSUS is a vulnerability scanner developed by Tenable Network Security used for identifying vulnerabilities, policy-violating configurations and malware [5].

The NESSUS scan provides information on individual hosts and open ports and associates each identified vulnerability with its Common Vulnerability Scoring System (CVSS) [4] score, which later helped us in the construction of our payoff matrices for the Game Theoretic Model.

We will generate the attack graph starting from the attacker source node (N0). The graph, consisting of nodes (one attacker node N0, and multiple target nodes from N1 to N10) and arrows, will be a representation of all the nodes in the network and how they are connected to each other.

The attack graph based on the aforementioned adjacency matrix is given below. Here, the arrows from one node to another indicate the major attacks possible on the scanned vulnerabilities of the target node.

Fig. 2. An attack graph based on the Table I adjacency matrix

information set (the attack graph is private information to the defender).

A. Model

We define a node as any computing machine (database server, web server, workstation, virtual machine, desktop or a personal device) or network entity (router, gateway, bridges, switches, hubs, etc.). We can model applications or services as nodes, but our present model does not consider this. We define a set of nodes or cyber entities, N = {n0, n1, n2, n3, …}, where n0 corresponds to the attacker node.

There are three possible scenarios for n0:

Case 1: n0 is the direct attacker node. The attacker directly launches the attack from its system. This is a very naïve approach, as such an attack can easily be traced back to the attacker and a proper counterattack can be launched. So, in reality, this approach is employed by inexperienced hackers and not by nation states for waging cyber wars.

Fig. 3. Attacker directly attacking target network

Case 2: The attacker routes its attack through some other node. This is done by using proxies such as TOR or using zombies created for such purpose. In this case, attribution becomes very difficult and hence traceability to the attacker and chances of counterattacks are minimized.

Case 3: In DDoS attacks, a distributed set of nodes attacks the target system in a well synchronized manner. Here, mostly hired botnets are employed and nodes are located in physically diverse locations and, as in case 2, the attribution and chances of counterattacks are very minuscule.

Exploits consist of combinations of exploits and payloads. Each exploit has some gain for the attacker and loss for the defender in terms of loss of privacy (probe result), loss of confidentiality, loss of integrity and loss of availability.

Each of these parameters can be modelled, e.g. Loss of Confidentiality (LoC) = K0 + p(a1, a2, a3, …), which is beyond the scope of this paper. For our purpose, we will use the CVSS score, which will be a good proxy for gain for the attacker or loss for the defender, as it includes, among many others, confidentiality impact, integrity impact and availability impact. Hence, there is a mapping from each exploit to a real number as

Define f: E → R+, as a one-to-one function assigning a positive real number to each element of E. Hence, each exploit is associated with a payoff value for the attacker (negative for defender).

Action Sets of the players: Let A be the action set of the attacker. Set A will be defined as the possible actions an attacker will take to exploit each of the vulnerabilities scanned by the NESSUS scanner, like crack_root_password_of_the_file_server, run_DOS_virus, etc. The defender’s action set, B, can be a set of the possible responses to the attacker’s action like set_an_alarm, install_sniffer_detector, etc. For the purpose of this paper, we confine the action set of the defender to only two actions: defend and no defence.

C. Calculating equilibrium for each node

We investigate the equilibrium of each matrix (each representing the attacker-defender game at a unique graph node) using formal game theory methods. Once the payoff matrices are formed for both the row and the column players, the program calculates the Nash equilibrium strategy for each possible target node. We will use Mixed Strategy Nash Equilibrium to calculate the probability distribution with which the players will choose different actions in order to achieve the optimal output. On running our program, we obtain the results in the form of the probabilities associated with each action at each node. For a pure strategy Nash Equilibrium, the probability distribution will assign a probability of 1 to the dominant strategy.

D. Infinitely Repeated Game
Game Theory based Attack Graph Analysis for Cyber War Strategy
Firstly, we scanned 10 network nodes using NESSUS to get the vulnerabilities of each machine. Though it gives the defender’s perspective of the network, the attacker can employ network scanning tools to have a similar perspective. It may be possible that the attacker and the defender have different attack graphs, which entails altogether different game theory models and, at present, is left for future research. Here, we present a simplistic and realistic implementation of the model. A snapshot from the NESSUS output CSV file (abridged) is given below for a machine, addressed 127.0.0.1, in the local network.

Here, A1 to A7 are possible actions that the attacker can use in order to exploit different vulnerabilities of the respective node. In the case of this node, A1 for example refers to the action an attacker will take to attack the system against the vulnerability “Network Time Protocol Daemon (ntpd) read_mru_list() Remote DoS” and A2 is the action used to exploit “Redis Server Unprotected by Password Authentication” and so on. Next, in order to find the equilibrium strategies for the players, we have made use of a function which works on a variation of the Lemke Howson algorithm. Developed by Carlton E. Lemke [23] and J.T. Howson, the algorithm is considered to be one of the most efficient algorithms used for calculating Nash Equilibrium for a two player bi-matrix game. This function derives the mixed strategy Nash Equilibria for our cyber war game. The output of the function is a 2-dimensional array which stores the probabilities that the defender and the attacker should associate with each action [24]. If there is a pure strategy Nash equilibrium, i.e. there is a particular row for the row player (defender) which dominates all the other rows of the payoff matrix of the defender or, similarly, a column for the column player (attacker) which dominates all the other columns of the attacker’s matrix, then the output of the function assigns a probability of 1 to that row or column [25].

For example, for a network with one node and three vulnerabilities, the output (1, 0); (0.6, 0.2, 0.2) means that the defender should always play its first action (should always defend) and the attacker should exploit the first vulnerability with a probability of 0.6 and the second and the third vulnerability with a probability of 0.2 each. In the next step, we scan the row of the adjacency matrix of the present node. It will give us the nodes that can be reached through the present node. Next, we repeat the same game theory model to obtain the optimum strategy for attacker and defender. We continue till we reach the leaf nodes of the attack graph.

VII. CONCLUSION AND FUTURE SCOPE

The increasing number of cyber-attacks on assets containing confidential data poses a great threat to the world we are living in. In order to reduce the risk to our machines from ever-improving network-savvy attackers, we need more and better development in the realm of cyber security. Our interdisciplinary model is one such step towards building an improvised network security application. The inclusion of game theory in the cyber security scenario can prove fruitful in the longer run as game theory is, so far, the best scientific domain which can assist in understanding competitive interactions between players. Our model assists the defender in deciding whether to take action or not and can easily be extended to incorporate more actions. As a natural extension to the present research, the game could be modelled as a Stochastic Markov Process. As, in the realm of cyber war, the interaction of the two players is consistent, the probabilities of attack and attacker/defender action could be modelled as a Bayesian belief network.

ACKNOWLEDGEMENT

We sincerely thank Director, ISSA for his constant support and able guidance to conduct such research and for permitting to publish and present the paper at the conference.

REFERENCES

[1] Swiler L P, C Phillips, D Ellis and S Chakerian, "Computer Attack Graph Generation Tool," in DARPA Information Survivability Conference, 2001.
[2] S. Tadelis, Game Theory: An Introduction, Princeton and Oxford: Princeton University Press, 2013.
[3] Samuel N Hamilton, Wendy L Miller, Allen Ott, O. Sami Saydjari, "The Role of Game Theory in Information Warfare," in 4th Information Survivability Workshop (ISW-2001/2002), Vancouver, 2002.
[4] First.org, "CVSS Scoring Scheme: Specification Document," First.org, 2015.
[5] Tenable, "Nessus Vulnerability Scanner," [Online]. Available: https://www.tenable.com/products/nessus-vulnerability-scanner.
[6] Applied Game Theory and Strategic Behaviour, Taylor and Francis, 2010.
[7] Alpcan, Tansu and Tamer Basar, "A Game Theoretic Approach to Decision and Analysis in Network Intrusion Detection," in 42nd IEEE Conference on Decision and Control, Maui, 2003.
[8] Palvi Aggarwal, Cleotilde Gonzalez, Varun Dutt, "Cyber Security: Role of Deception in Cyber Attack Detection," in Advances in Intelligent Systems and Computing, 2016.
[9] Zahid Maqbool, Nidhi Makhijani, V S Chandrashekhar Pammi and Varun Dutt, "Effects of Motivation: Rewarding hackers for undetected attacks cause Analysts to Perform Poorly," Human Factors, pp. 1-12, 2016.
[10] Changchun Wang, Changhui Shi, Chong Wang, Ying Fu, "An Analyzing Method for Computer Network Security Based on Markov Game Model," pp. 454-458, 2016.
[11] Karel Durkota, Viliam Lisy, Branislav Bosansky, Christopher Kiekintveld, "Optimal Network Security Hardening Using Attack Graph Games," in International Joint Conference on Artificial Intelligence (IJCAI 2015), 2015.
[12] Keywhan Chung, et al., "Game Theory with Learning for Cyber Security Monitoring," in International Symposium on High Assurance Systems Engineering, 2016.
[13] Yu Liu, Cristina Comaniciu, Hong Man, "A Bayesian Game Approach for Intrusion Detection in Wireless Ad-hoc networks," in GameNets '06 Proceeding from the 2006 workshop on Game theory for communications and networks, Pisa, Italy, 2006.
[14] Wing, Kong-wei Lye and Jeannette, "Game Strategies in Network Security," School of Computer Science, Carnegie Mellon University, Pittsburgh, PA 15213, 2002.
[15] Karel Durkota, et al., "Case Studies of Network Defense with Attack Graph Games," IEEE Intelligent Systems, pp. 24-30, 2016.
[16] Yu Liu, Cristina Comaniciu, Hong Man, "A fictitious play-based response strategy for multistage intrusion defense system," Security and Communication Network, pp. 473-491, 2013.
[17] Yi Luo, Ferenc Szidarovszky, Youssif Al-Nashif, Salim Hariri, "Game Theory Based Network Security," Journal of Information Security, pp. 41-44, 2010.
[18] Andrew Fielder, et al., "Game Theory Meets Information Security Management," International Federation for Information Processing, pp. 15-29, 2014.
[19] Kien C. Nguyen, Tansu Alpcan and Tamer Basar, "Security Games with Incomplete Information," UIUC, 2008.
[20] Jorma Jormakka and Jarmo V. E. Molsa, "Modelling Information Warfare as a Game," Journal of Information Warfare.
[21] P. K. Mishra, "Cyber Defence Response: An approach towards defending cyber assets," in National Conference on Cyber Security, Pune, 2012.
[22] You, Xia Zheng and Zhang Shiyong, "A Kind of network security behavior model Based on game theory," in Parallel and Distributed computing, application and Technologies, Chengdu, China, 2003.
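
The per-node procedure described in the paper (form the two payoff matrices from CVSS scores, compute the equilibrium, then scan the present node's adjacency-matrix row and repeat until the leaf nodes), as an added example that is not the authors' MATLAB program. It replaces Lemke Howson with plain support enumeration over the 2 x n defend / no defence game; the payoff rule, effort costs, defence cost and CVSS values are constructed assumptions, and the adjacency rows are the three that survive on the page.

```python
from fractions import Fraction as F
from itertools import combinations

def payoffs(cvss, effort, defend_cost):
    """Assumed payoff rule (not the paper's). Row 0 = defend, row 1 = no defence."""
    s, e = [F(str(v)) for v in cvss], [F(str(v)) for v in effort]
    defender = [[-F(str(defend_cost))] * len(s), [-v for v in s]]  # cost vs. loss
    attacker = [[-v for v in e], s]            # wasted effort vs. CVSS-sized gain
    return defender, attacker

def is_nash(D, A, q, x):
    """True when neither player gains by switching to any pure action."""
    n = len(x)
    d_pay = [sum(D[i][j] * x[j] for j in range(n)) for i in range(2)]
    a_pay = [sum(A[i][j] * q[i] for i in range(2)) for j in range(n)]
    return (sum(q[i] * d_pay[i] for i in range(2)) == max(d_pay)
            and sum(x[j] * a_pay[j] for j in range(n)) == max(a_pay))

def equilibria(D, A):
    """Support enumeration for a 2 x n bimatrix game (supports of size 1 or 2)."""
    n = len(D[0])
    cands = [([F(1 - i), F(i)], [F(int(c == j)) for c in range(n)])
             for i in range(2) for j in range(n)]          # pure candidates
    for j, k in combinations(range(n), 2):                 # 2 x 2 mixed candidates
        den_q = (A[0][j] - A[1][j]) - (A[0][k] - A[1][k])
        den_x = (D[0][j] - D[1][j]) - (D[0][k] - D[1][k])
        if den_q == 0 or den_x == 0:
            continue
        q0 = (A[1][k] - A[1][j]) / den_q   # attacker indifferent between j and k
        xj = (D[1][k] - D[0][k]) / den_x   # defender indifferent between its rows
        if 0 < q0 < 1 and 0 < xj < 1:
            x = [xj if c == j else 1 - xj if c == k else F(0) for c in range(n)]
            cands.append(([q0, 1 - q0], x))
    return [(q, x) for q, x in cands if is_nash(D, A, q, x)]

def walk(adj, games, start="N0"):
    """Follow adjacency rows from start; solve the game at every node reached."""
    plan, stack = {}, [start]
    while stack:
        for col, edge in enumerate(adj.get(stack.pop(), [])):  # no row: leaf
            name = f"N{col}"
            if edge and name != start and name not in plan:
                plan[name] = equilibria(*payoffs(*games[name]))
                stack.append(name)
    return plan

# Rows N0-N2 as printed on the page (column order N0..N10 is an assumption).
ADJ = {"N0": [0, 1, 0, 1, 1, 0, 0, 0, 0, 0, 0],
       "N1": [0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0], "N2": [0] * 11}
# Constructed inputs per node: (CVSS scores, attacker effort costs, defend cost).
GAMES = {n: ([9.0, 6.0, 3.0], [4.0, 1.0, 0.5], 7.0) for n in ("N1", "N3", "N4")}
GAMES["N7"] = ([5.0, 3.0], [1.0, 1.0], 7.0)
PLAN = walk(ADJ, GAMES)
```

With these constructed inputs the defender mixes defend and no defence equally at N1, N3 and N4, while the only equilibrium at N7 is no defence, which is the kind of per-node output a defender can use to decide where defence resources are worth their cost.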