Dynamic Defense against Stealth Malware Propagation in Cyber-Physical Systems: A Game-Theoretical Framework †

Bibliographic Details
Main Authors: Xiao, Kaiming, Zhu, Cheng, Xie, Junjie, Zhou, Yun, Zhu, Xianqiang, Zhang, Weiming
Format: Online Article Text
Language: English
Published: MDPI 2020
Subjects:
Online Access: https://www.ncbi.nlm.nih.gov/pmc/articles/PMC7517520/
https://www.ncbi.nlm.nih.gov/pubmed/33286663
http://dx.doi.org/10.3390/e22080894
author Xiao, Kaiming
Zhu, Cheng
Xie, Junjie
Zhou, Yun
Zhu, Xianqiang
Zhang, Weiming
collection PubMed
description Stealth malware is a representative tool of advanced persistent threat (APT) attacks, which poses an increased threat to cyber-physical systems (CPS) today. Due to the use of stealthy and evasive techniques, stealth malwares usually render conventional heavy-weight countermeasures inapplicable. Light-weight countermeasures, on the other hand, can help retard the spread of stealth malwares, but the ensuing side effects might violate the primary safety requirement of CPS. Hence, defenders need to find a balance between the gain and loss of deploying light-weight countermeasures, which normally is a challenging task. To address this challenge, we model the persistent anti-malware process as a shortest-path tree interdiction (SPTI) Stackelberg game with both static version (SSPTI) and multi-stage dynamic version (DSPTI), and safety requirements of CPS are introduced as constraints in the defender’s decision model. The attacker aims to stealthily penetrate the CPS at the lowest cost (e.g., time, effort) by selecting optimal network links to spread, while the defender aims to retard the malware epidemic as much as possible. Both games are modeled as bi-level integer programs and proved to be NP-hard. We then develop a Benders decomposition algorithm to achieve the Stackelberg equilibrium of SSPTI, and design a Model Predictive Control strategy to solve DSPTI approximately by sequentially solving an [Formula: see text] approximation of SSPTI. Extensive experiments have been conducted by comparing proposed algorithms and strategies with existing ones on both static and dynamic performance metrics. The evaluation results demonstrate the efficiency of proposed algorithms and strategies on both simulated and real-case-based CPS networks. Furthermore, the proposed dynamic defense framework shows its advantage of achieving a balance between fail-secure ability and fail-safe ability while retarding the stealth malware propagation in CPS.
format Online
Article
Text
id pubmed-7517520
institution National Center for Biotechnology Information
language English
publishDate 2020
publisher MDPI
record_format MEDLINE/PubMed
spelling pubmed-7517520 2020-11-09 Entropy (Basel) Article. MDPI 2020-08-15 /pmc/articles/PMC7517520/ /pubmed/33286663 http://dx.doi.org/10.3390/e22080894 Text en © 2020 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (http://creativecommons.org/licenses/by/4.0/).
title Dynamic Defense against Stealth Malware Propagation in Cyber-Physical Systems: A Game-Theoretical Framework †
topic Article