ADELPHI, Md. -- The U.S. Army conducted several groundbreaking studies in the field of game theory that highlighted the use of deception to mislead adversaries in the cyberspace domain.
Researchers from the U.S. Army Combat Capabilities Development Command’s Army Research Laboratory exhibited the results of their studies at the virtual 2020 Conference on Decision and Game Theory for Security, Oct. 26-30.
“Game theory allows us to analyze the behavior of intelligent adversaries, predict adversaries course of action and find the best response to protect our network,” said Dr. Charles Kamhoua, senior electronics engineer in the lab’s Network Security Branch. “GameSec is the premier conference that brings together researchers from academia, industry and government working at the intersection of game theory and cyber security.”
At the intersection between cybersecurity and game theory, Army researchers continually search for new ways to outmaneuver near-peer adversaries and thwart attempts to breach the military’s networks.
In order to devise strategies to outsmart attackers and protect important targets, researchers use security games to test out different techniques.
“Security games are used to model strategic interaction or conflict between attackers and defenders,” Kamhoua said. “The result of security game is an optimum defense policy or resource allocation in contested environment.”
Security games often employ attack graphs, graphical representations that outline all the possible ways an attacker could breach a network, to model different cybersecurity problems and analyze the effectiveness of various deception strategies.
According to Kamhoua, attack graphs allow researchers to simplify a complex network into a system of nodes and edges, where the actions of the attacker and the defender change the physical structure of the graph.
With the attack graph set as the gameboard, researchers can conduct multiple simulations of these security games to create algorithms that dictate the best course of action that a computer system should take in real life.
“An attack graph show the interdependency between all vulnerabilities,” Kamhoua said. “An attack graph also helps find all possible combination of vulnerabilities an attacker can use from any entry point to any target.”
In one of the studies prepared for GameSec 2020, Army researchers explored the use of deception in Stackelberg security games, where the attacker’s moves depend on the preceding decisions of the defender.
In this security game, the defender can employ any combination of camouflage, decoys and misinformation to strategically manipulate the attack graph and deceive the attacker.
As detailed in the paper titled Harnessing the Power of Deception in Attack Graph-Based Security Games, the researchers created a mixed-integer linear program-based algorithm for solving bipartite directed acyclic graphs as well as a neural architecture search-based algorithm for solving general directed acyclic graphs.
“By developing deception techniques on attack graphs, it demonstrates how this idea can be applied to a broad range of computer and network defensive settings, particularly in tactical environments when it is critical to efficiently adapt to potential adversarial attacks,” said Dr. Kevin Chan, Team Lead in the lab’s Tactical Network Assurance Branch.
The lab also worked with researchers from Worcester Polytechnic Institute to examine how networks can optimize the placement of decoys in a hypergame model, where the attacker possesses incomplete information about the network.
Partly funded by the Defense Advanced Research Projects Agency, the researchers designed new algorithms that compute deceptive, sure-winning strategies that outsmart the attacker and maximize the defender’s odds of victory. They reported the results in the paper Decoy Allocation Games on Graphs with Temporal Logic Objectives.
“Using a hypergame on a game model, this approach computes the optimal choice of decoy locations and successfully presents desired perceptions to an unauthorized network user,” said Dr. Nandi Leslie, Engineering Fellow at Raytheon Technologies and coauthor of the research paper.
In addition to the development of novel cyber deception techniques, Army researchers used security games to experiment with various other situations in the cyberspace domain.
Detailed in a paper, A Game Theoretic Framework for Software Diversity for Network Security, researchers designed a two-player, nonzero-sum game to study how software diversity, or variations in program implementation, impacts network security.
“Diversified networks are more resilient against zero-day attacks and unknown vulnerabilities,” said Dr. Ahmed Hemida, a postdoctoral research fellow at the lab’s Network Security Branch and a coauthor of the research paper. “Game theory characterizes the optimal level of diversity to avoid unnecessary network operational costs.”
In another paper, Blocking Adversarial Influence in Social Networks, researchers investigated possible solutions on how to limit the spread of misinformation in a Stackelberg game designed to emulate social networks.
“Fundamental research on cyber security and game theory can be applied to a broad range of Army domains, applications and environments,” said Dr. Michael Frame, ARL collaborative alliance manager for the Cyber Security Collaborative Research Alliance. “Collaborations between government, industry and academia aim to develop and advance the state of the art of cyber security, in support of the Army's modernization priority for secure networks enabling future warfighters to accomplish their mission in Multi-Domain Operations.”
The mentioned research papers represented only a portion of the studies that Army researchers presented at the GameSec 2020 conference.
Harnessing the Power of Deception in Attack Graph-Based Security Games and A Game Theoretic Framework for Software Diversity for Network Security both received funding from the Cyber Security Collaborative Research Alliance.
Decoy Allocation Games on Graphs with Temporal Logic Objectives involved collaboration with the DARPA SI3-CMD program, while Blocking Adversarial Influence in Social Networks resulted from collaboration with the Army Research Office Multidisciplinary Research Initiative Program.
Kamhoua participated in the conference as the chair for the session on machine learning and security and gave an invited talk on his paper, Game Theory on Attack Graph for Cyber Deception.
Visit the laboratory's Media Center to discover more Army science and technology stories.