GameSec: A Game Theoretic Approach to Attack Prediction

2002-2005: DOE Early Career Principal Investigator Award

Cyber security is not only an important science and technology issue, but also a critical national security issue. The ability to predict attacks can dramatically enhance people's capacity to defend against cyber attacks, since attack prediction has the potential to evolve existing passive (or reactive) secure systems into (pro)active secure systems. This research suggests a game theoretic approach to predicting cyber attacks. Our approach models a cyber system and an attacker as two players playing a game, and the Nash equilibrium strategies of the game can produce valuable predictions about cyber attacks. The predictions produced by our approach can tell which actions the attacker will probably take when an attack happens, although they cannot tell when the attack will probably happen. Our approach can predict not only (the actions of) known types of attacks, but also (the actions of) some unknown (or new) types of attacks.
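The following sketch illustrates the idea of reading attacker predictions off a Nash equilibrium. It is an added example, not code from the GameSec project; the two-action game, the action names, and every payoff value are constructed for illustration.

```python
from fractions import Fraction

def pure_equilibria(A, D):
    """Cells (attacker row, defender column) where neither player gains
    by deviating alone. A = attacker payoffs, D = defender payoffs."""
    rows, cols = range(len(A)), range(len(A[0]))
    return [(i, j) for i in rows for j in cols
            if all(A[i][j] >= A[k][j] for k in rows)
            and all(D[i][j] >= D[i][l] for l in cols)]

def mixed_equilibrium_2x2(A, D):
    """Interior mixed equilibrium of a 2x2 game from the indifference
    conditions: the attacker plays row 0 with probability p so that the
    defender is indifferent between columns, and the defender plays
    column 0 with probability q so that the attacker is indifferent."""
    den_p = D[0][0] - D[1][0] - D[0][1] + D[1][1]
    den_q = A[0][0] - A[0][1] - A[1][0] + A[1][1]
    if den_p == 0 or den_q == 0:
        return None
    p = Fraction(D[1][1] - D[1][0], den_p)
    q = Fraction(A[1][1] - A[0][1], den_q)
    return (p, q) if 0 < p < 1 and 0 < q < 1 else None

def predict_attacker(actions, A, D):
    """Attacker action distribution at each equilibrium of a 2x2 game.
    The result says which actions are likely, not when an attack occurs."""
    preds = [{actions[i]: Fraction(1)} for i, _ in pure_equilibria(A, D)]
    mixed = mixed_equilibrium_2x2(A, D)
    if mixed:
        p, _ = mixed
        preds.append({actions[0]: p, actions[1]: 1 - p})
    return preds

# Constructed payoffs. Rows: attacker targets web or db.
# Columns: defender hardens web or db. Not zero-sum.
ACTIONS = ["attack_web", "attack_db"]
A = [[1, 4], [6, 2]]        # attacker gains most on the unhardened target
D = [[-1, -5], [-8, -2]]    # defender losses (negative payoffs)

if __name__ == "__main__":
    for pred in predict_attacker(ACTIONS, A, D):
        print({k: str(v) for k, v in pred.items()})
```

With these constructed payoffs there is no pure equilibrium, so the prediction is a mixed strategy: the attacker is expected to target the web tier with probability 3/5 and the database with probability 2/5.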

Publications:

  1. P. Liu, W. Zang, M. Yu, “Incentive-Based Modeling and Inference of Attacker Intent, Objectives and Strategies”, ACM Transactions on Information and Systems Security, 56(3): 283-298.
  2. Peng Liu, “Financial Cyber Crime Detection and Analysis: A Game Theoretic Approach”, International Journal of Information Policy, Law, and Security, under review.
  3. P. Liu, W. Zang, “Incentive-Based Modeling and Inference of Attacker Intent, Objectives and Strategies,” Proc. 10th ACM Conference on Computer and Communications Security (CCS ’03), October 28-31, Washington DC, 2003, pages 179-189.
  4. W. Zang, P. Liu, M. Yu, “A Game Theoretic Analysis of Resilience of Internet against DDoS Attacks”, to be submitted for journal publication.
  5. Peng Liu, Meng Yu, Jiwu Jing, “Information Assurance”, In Handbook of Information Security, Hossein Bidgoli et al. (eds.), John Wiley & Sons, 2005.
  6. M. Yu, P. Liu, W. Zang, “Self Healing Workflow Systems under Attacks”, in Proc. 24th IEEE International Conference on Distributed Computing Systems (ICDCS 04), Tokyo, Japan, March 2004, pages 418-425. Acceptance rate = 17.68%
  7. M. Yu, W. Zang, P. Liu, “Defensive Execution of Transactional Processes against Attacks”, In Proc. ACSAC ’05, 2005, to appear, Acceptance rate = 19.6%
  8. M. Yu, P. Liu, W. Zang, “Dependency Relation based Attack Recovery of Workflow Systems”, ACM Transactions on Information and Systems Security, in review.
  9. M. Yu, P. Liu, W. Zang, “The Implementation and Evaluation of a Self-Healing Workflow System,” IEEE Transactions on Dependable and Secure Computing, in review for journal publication.
  10. M. Yu, P. Liu, W. Zang, “Specifying and Using Group-to-Group Communication Services for Intrusion Masking”, Journal of Computer Security, Vol. 13, No. 4, 623-658.
  11. H. Wang, P. Liu, L. Li, “Evaluating the Impact of Intrusion Detection Deficiencies on the Cost-Effectiveness of Attack Recovery”, Proceedings of the 7th Information Security Conference, San Francisco, September 2004.
  12. R. Li, J. Li, H. Kameda, P. Liu, “Localized Public-key Management for Mobile Ad Hoc Networks”, Proc. 2004 IEEE Globecom, Nov 2004.
  13. Q. Gu, P. Liu, W. Lee, C. Chu, “eKTR: An Efficient Key Management Scheme in Wireless Data Broadcast Services”, Proc. 2005 IEEE Mobiquitous, short paper, 2005.
  14. Peng Liu, Hai Wang, Lunquan Li, “Real-Time Data Attack Isolation for Commercial Database Applications”, Elsevier Journal of Network and Computer Applications, in press.
  15. Q. Gu, P. Liu, S. Zhu, C. Chu, “Defending against Packet Injection Attacks in Unreliable Ad Hoc Networks”, In Proc. IEEE GLOBECOM ’05, 2005, to appear.
  16. Peng Liu, Amit Chetal, “Trust-Based Secure Info Sharing Between Federal Government Agencies”, Journal of the American Society for Information Science and Technology, Vol. 56, No. 3, 2005, pages 283-298.
  17. R. Li, J. Li, P. Liu, H. H. Chen, “On-Demand Public-Key Management for Mobile Ad Hoc Networks”, Journal of Wireless Communications and Mobile Computing, accepted, to appear.
  18. Q. Gu, P. Liu, C. Chu, “Analysis of Area-congestion-based DDoS Attacks in Ad Hoc Networks”, International Journal of Ad Hoc Networks, in review.