Incentive-based modeling and inference of Attacker Intent, Objectives, and Strategies

Proceedings of the ACM Conference on Computer and Communications Security

Volumn , Issue , 2003, Pages 179-189

  Liu, Peng ^a   Zang, Wanyu ^a  

^a PENNSYLVANIA STATE UNIVERSITY   (United States)

Author keywords

Attack Prediction; Computer Security; Game Theory

Indexed keywords

COMPUTER CRIME; COMPUTER NETWORKS; GAME THEORY; RANDOM PROCESSES; RISK ASSESSMENT; TELECOMMUNICATION TRAFFIC;

ATTACK PREDICTION; ATTACKERS; BAYES-NASH EQUILIBRIUM; RUN TIME;

SECURITY OF DATA;

EID: 14344258545     PISSN: 15437221     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/948109.948135     Document Type: Conference Paper

References (34)

1. The network simulator ns-2. http://www.isi.edu/nsnam/ns/.
2. H. Browne, W. A. Arbaugh, J. McHugh, and W. L. Fithen. A trend analysis of exploitations. In Proc. 2001 IEEE Symposium on Security and Privacy, pages 214-229, May 2001.
3. R. Browne. C4i defensive infrastructure for survivability against multi-mode attacks. In Proc. 21st Century Military Communications - Architectures and Technologies for Information Superiority, 2000.
4. D. Buike. Towards a game theory model of information warfare. Technical report, Airforce Institute of Technology, 1999. Master's Thesis.
5. E. H. Clarke. Multipart pricing of public goods. Public Choice, 11:17-33, 1971.
6. V. Conitzer and T. Sandholm. Complexity results about nash equilibria. Technical report, Carnegie Mellon University, 2002. CMU-CS-02-135.
7. F. Cuppens and A. Miege. Alert correlation in a cooperative intrusion detection framework. In Proc. IEEE Symposium on Security and Privacy, 2002.
8. H. Debar and A. Wespi. Aggregation and correlation of intrusion detection alerts. In Recent Advances in Intrusion Detection, LNCS 2212, pages 85-103. 2001.
9. J. Feigenbaum, C. Papadimitriou, R. Sami, and S. Shenker. A bgp-based mechanism for lowest-cost routing. In Proc. 21st ACM Symposium on Principles of Distributed Computing, 2002.
10. A. M. Fink. Equilibrium in a stochastic n-person game. Journal of Science in Hiroshima University, Series A-I, (28):89-93, 1964.
11. L. A. Gordon and M. P. Loeb. Using information security as a response to competitor analysis systems. Communications of the ACM, 44(9):70-75, 2001.
12. T. Groves. Incentives in teams. Econometrica, 41:617-663, 1973.
13. J. P. Hespanha and S. Bohacek. Preliminary results in routing games. In Proc. 2001 American Control Conference, 2001.
14. J. Nash. Equilibrium Points in n-Person Games Proceedings of the National Academy of Sciences, 36, 1950.
15. J. Ioannidis and S. M. Bellovin. Implementing pushback: Router-based defense against ddos attacks. In Proc. 2002 Network and Distributed Systems Security, 2002.
16. D. Koller and B. Milch. Multi-agent influence diagrams for representing and solving games. In Proc. 17th International Joint Conference on Artificial Intelligence, 2001.
17. C. E. Landwehr, A. R. Bull, J. P. McDermott, and W. S. Choi. A taxonomy of computer program security flaws. ACM Computing Surveys, 26(3), 1994.
18. P. Liu, S. Jajodia, and C.D. McCollum. Intrusion confinement by isolation in information systems. Journal of Computer Security, 8(4):243-279, 2000.
19. T.F. Lunt. A Survey of Intrusion Detection Techniques. Computers & Security, 12 (4):405-418, June 1993.
20. K. Lye and J. M. Wing. Game strategies in network security. In Proc. 15th IEEE Computer Security Foundations Workshop, 2002.
21. D. Malkhi and M. K. Reiter. Secure execution of Java applets using a remote playground. IEEE Transactions on Software Engineering, 26(12), 2000.
22. A. Mas-Colell, M. D. Whinston, and J. R. Green. Microeconomic Theory. Oxford University Press, 1 edition, 1995.
23. J. McHugh. Intrusion and intrusion detection. International Journal of Information Security, (1):14-35, 2001.
24. M. Mesterton-Gibbons. An Introduction to Game-Theoretic Modeling. Addison-Wesley Publishing Company, 1992.
25. B. Mukherjee, L. T. Heberlein, and K.N. Levitt. Network intrusion detection. IEEE Network, pages 26-41, June 1994.
26. P. Ning, Y. Cui, and D. S. Reeves. Constructing attack scenarios through correlation of intrusion alerts. In ACM Int'l Conf. on Computer and Communications Security, 2002.
27. N. Nisan and A. Ronen. Algorithmic mechanism design. Games and Economic Behavior, 35, 2001.
28. P. F. Syverson. A different look at secure distributed computation. In Proc. 10th IEEE Computer Security Foundations Workshop, 1997.
29. F. Thusijsman. Optimality and Equilibria in Stochastic Games. Centrum voor Wiskunde en Information, Amsterdam, 1992.
30. W. Vickrey. Counterspeculation, auctions, and competitive sealed tenders. Journal of Finance, 16:8-37, 1961.
31. X. Wang and M. Reiter. Defending against denial-of-service attacks with puzzle auctions. In IEEE Symposium on Security and Privacy, 2003.
32. M. P. Wellman and W. E. Walsh. Auction protocols for decentralized scheduling. Games and Economic Behavior, 35, 2001.
33. C. Zou, W. Gong, and D. Towsley. Code red worm propagation modeling and analysis. In Proc. ACM Conference on Computer and Communication Security, 2002.
34. J. Xu and W. Lee. Sustaining availability of web services under distributed denial of service attacks. In IEEE Transactions on Computer, 52(4):195-208, February 2003.