Dynamic Defense against Stealth Malware Propagation in Cyber-Physical Systems: A Game-Theoretical Framework †
Stealth malware is a representative tool of advanced persistent threat (APT) attacks, which poses an increased threat to cyber-physical systems (CPS) today. Due to the use of stealthy and evasive techniques, stealth malwares usually render conventional heavy-weight countermeasures inapplicable. Ligh...
Main authors: | Xiao, Kaiming; Zhu, Cheng; Xie, Junjie; Zhou, Yun; Zhu, Xianqiang; Zhang, Weiming |
---|---|
Format: | Online Article Text |
Language: | English |
Published: | MDPI 2020 |
Subjects: | |
Online access: | https://www.ncbi.nlm.nih.gov/pmc/articles/PMC7517520/ https://www.ncbi.nlm.nih.gov/pubmed/33286663 http://dx.doi.org/10.3390/e22080894 |
Field | Value |
---|---|
author | Xiao, Kaiming Zhu, Cheng Xie, Junjie Zhou, Yun Zhu, Xianqiang Zhang, Weiming |
collection | PubMed |
description | Stealth malware is a representative tool of advanced persistent threat (APT) attacks, which poses an increased threat to cyber-physical systems (CPS) today. Due to the use of stealthy and evasive techniques, stealth malwares usually render conventional heavy-weight countermeasures inapplicable. Light-weight countermeasures, on the other hand, can help retard the spread of stealth malwares, but the ensuing side effects might violate the primary safety requirement of CPS. Hence, defenders need to find a balance between the gain and loss of deploying light-weight countermeasures, which normally is a challenging task. To address this challenge, we model the persistent anti-malware process as a shortest-path tree interdiction (SPTI) Stackelberg game with both static version (SSPTI) and multi-stage dynamic version (DSPTI), and safety requirements of CPS are introduced as constraints in the defender’s decision model. The attacker aims to stealthily penetrate the CPS at the lowest cost (e.g., time, effort) by selecting optimal network links to spread, while the defender aims to retard the malware epidemic as much as possible. Both games are modeled as bi-level integer programs and proved to be NP-hard. We then develop a Benders decomposition algorithm to achieve the Stackelberg equilibrium of SSPTI, and design a Model Predictive Control strategy to solve DSPTI approximately by sequentially solving an [Formula: see text] approximation of SSPTI. Extensive experiments have been conducted by comparing proposed algorithms and strategies with existing ones on both static and dynamic performance metrics. The evaluation results demonstrate the efficiency of proposed algorithms and strategies on both simulated and real-case-based CPS networks. Furthermore, the proposed dynamic defense framework shows its advantage of achieving a balance between fail-secure ability and fail-safe ability while retarding the stealth malware propagation in CPS. |
format | Online Article Text |
id | pubmed-7517520 |
institution | National Center for Biotechnology Information |
language | English |
publishDate | 2020 |
publisher | MDPI |
record_format | MEDLINE/PubMed |
spelling | pubmed-7517520 2020-11-09. Entropy (Basel), Article. MDPI 2020-08-15. /pmc/articles/PMC7517520/ /pubmed/33286663 http://dx.doi.org/10.3390/e22080894 Text en. © 2020 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (http://creativecommons.org/licenses/by/4.0/). |
title | Dynamic Defense against Stealth Malware Propagation in Cyber-Physical Systems: A Game-Theoretical Framework † |
topic | Article |
url | https://www.ncbi.nlm.nih.gov/pmc/articles/PMC7517520/ https://www.ncbi.nlm.nih.gov/pubmed/33286663 http://dx.doi.org/10.3390/e22080894 |