Stackelberg Security Game for Optimizing Security of Federated Internet of Things Platform Instances
Authors: Violeta Damjanovic-Behrendt
This paper presents an approach for optimal cyber security decisions to protect instances of a federated Internet of Things (IoT) platform in the cloud. The presented solution implements the repeated Stackelberg Security Game (SSG) and a model called Stochastic Human behaviour model with AttRactiveness and Probability weighting (SHARP). SHARP employs the Subjective Utility Quantal Response (SUQR) for formulating a subjective utility function, which is based on the evaluations of alternative solutions during decision-making. We augment the repeated SSG (including SHARP and SUQR) with a reinforced learning algorithm called Naïve Q-Learning. Naïve Q-Learning belongs to the category of active and model-free Machine Learning (ML) techniques in which the agent (either the defender or the attacker) attempts to find an optimal security solution. In this way, we combine GT and ML algorithms for discovering optimal cyber security policies. The proposed security optimization components will be validated in a collaborative cloud platform that is based on the Industrial Internet Reference Architecture (IIRA) and its recently published security model.
Digital Object Identifier (DOI): doi.org/10.5281/zenodo.1130143Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 1039
 EY, “Cybersecurity and the Internet of Things. Insights on governance, risk and compliance”, March 2015. Online available: https://go.ey.com/1CjIS8f (Last accessed: January 9, 2017)
 W.S. Inbarani, C.K.C. Paul, and W.A.J. Jeevakumar, „A Survey on Security Threats and Vulnerabilities in Cloud Computing“, International Journal of Scientific & Engineering Research, Volume 4, Issue 3, March 2013.
 K. Dahbur, and B. Mohammad, "A Survey of Risks, Threats and Vulnerabilities in Cloud Computing.", International Conference on Intelligent Semantic Web-Services and Applications, (ISWSA '11). ACM, New York, NY, USA, 2011, Online available: http://www.jisajournal.com/content/4/1/5 (Last accessed: January 9, 2017)
 M. Ahmed, and M.A. Hossain, "Cloud Computing and Security Issues in the Cloud", IJNSA, Vol.6, No.1, January 2014. Online available: http://airccse.org/journal/nsa/6114nsa03.pdf (Last accessed: January 9, 2017)
 R. Roman, P.Najera, and J.Lopez, “Securing the Internet of Things", IEEE Computer, vol.44, pp.51-58, 2011. Online available: http://doi.org/10.1109/MC.2011.291 (Last accessed: January 9, 2017)
 V.O. Safonov, Trustworthy Cloud Computing, (1st Ed.), Wiley Publishing, 2016.
 M.A. Bamiah, and S.N. Brohi, “ Seven Deadly Threats and Vulnerabilities in Cloud Computing,” IJAEST, 2011, pp. 87-90. Online: https://www.academia.edu/4877213/Seven_Deadly_Threats_and_Vulnerabilities_in_Cloud_Computing (Last accessed: January 9, 2017)
 F. Brunton and H. Nissenbaum, “Vernacular resistance to data collection and analysis: a political theory of obfuscation,“ First Monday, 16(5), 2011 http://firstmonday.org/article/view/3493/2955 (Last accessed: December 16, 2016)
 A. Ghosh, T. Roughgarden, and M. Sundararajan, “Universally utility-maximizing privacy mechanisms,“ In Proceedings of the 41st annual ACM symposium on Theory of computing, ACM, 2009, pp. 351-360.
 A. Ghosh, T. Roughgarden, and M. Sundararajan, “Universally utility-maximizing privacy mechanisms,“ SIAM Journal on Computing, 41(6), pp. 1673-1693, 2012.
 C. Li, M. Hay, V. Rastogi, G. Miklau, and A. McGregor, “Optimizing linear counting queries under differential privacy,“ In Proceedings of the 29th ACM SIGMOD-SIGACT-SIGART Symposium on Principles of database systems, ACM, 2010, pp 123-134.
 S. Ioannidis, A. Montanari, U. Weinsberg, S. Bhagat, N. Fawaz, and N. Taft, “Privacy tradeoffs in predictive analytics,“ arXiv preprint arXiv: 1403.8084, 2014.
 R. Shokri, G. Theodorakopoulos, C. Troncoso, J.-P. Hubaux, and J.-Y. Le Boudec, „Protecting location privacy: optimal strategy against localization attacks,“ In Proceedings of the ACM conference on Computer and Communication Security, 2012.
 R. Shokri, „Privacy games: optimal user-centric data obfuscation,“ In Proceedings on Privacy Enhancing Technologies 2015 (2), pp. 1-17.
 M.H. Manshaei, Q. Zhu, T. Alpcan, T. Basar, and J.-P. Hubaux, „Game Theory meets network security and privacy,“ ACM Computing Surveys, 45(3), 2012.
 R. Machado and S. Tekinay, „A survey of Game Theoretic approaches in Wireless Sensor Network,“ Computer Network 2008, 52, pp. 3047–3061.
 S. Shen, G. Yue, Q. Cao, and F. Yu,“A survey of Game Theory in Wireless Sensor Networks security,“ Journal of Networks, 2011, 6, pp. 521–532.
 A. Agah, K. Basu, S.K. and Das, “Enforcing security for prevention of DoS attack in Wireless Sensor Networks using economic modelling,“ In Proceedings of 2005 IEEE International Conference on Mobile Adhoc and Sensor Systems, Washington, DC, USA, 2005.
 A. Agah, K. Basu, S.K. and Das, „Preventing DoS attack in Sensor Networks: A Game Theoretic approach,“ In Proceedings of 2005 IEEE International Conference on Communications, South Korea, 2005.
 Y.E. Sagduyu, and A. Ephremides, „A Game Theoretic analysis of Denial of Service attacks in Wireless Random Access,“ Wireless Networks, 2009, 15, pp. 651–666.
 A. Agah, S.K. Das, and K. Basu, „A Game Theory based approach for security in Wireless Sensor Networks,“ In Proceedings of 2004 23rd IEEE International Performance, Computing and Communications Conference, Phoenix, AZ, USA, pp. 15–17, 2004.
 A. Agah, and S.K. Das, “Preventing DoS Attacks in Wireless Sensor Networks: A repeated Game Theory approach,” Int. J. Network Security 2007, 5, pp. 145–153.
 L. Yang, D. Mu, and X. Cai, “Preventing dropping packets attack in Sensor Networks: a Game Theory approach,“ Wuhan Univ. J. Nat. Sci. 2008, 13, pp. 631–635.
 H. Li, L. Lai, and R.C. Qiu, „A Denial-of-Service jamming game for remote state monitoring in Smart Grid,“ In Proceedings of 2011 45th Annual Conference on Information Sciences and Systems, MD, USA.
 R. Dong, L. Liu, J. Liu, and X. Xu, „Intrusion Detection System based on payoff matrix for Wireless Sensor Networks,“ In Proceedings of 2009 3rd International Conference on Genetic and Evolutionary Computing (WGEC 2009), Guilin, China, 2009.
 M. Kodialam and T. V. Lakshman, “Detecting network intrusions via sampling: a Game Theoretic approach," in Proceedings of the 22nd Annual Joint Conference of the IEEE Computer and Communications Societies. IEEE INFOCOMM 2003, (Piscataway, NJ, USA), pp. 1880--1889, IEEE Press, 2003.
 T. Alpacan and T. Basar,“A Game Theoretic approach to decision and analysis in network intrusion detection," in Proceedings of 43rd IEEE Conference on Decision and Control, (USA), IEEE Press, 2004.
 A. Patcha and J.M. Park,“ A Game Theoretic formulation for intrusion detection in mobile ad hoc networks,” International Journal of Network Security, Vol.2, No.2, PP.131–137, 2006.
 Y.B. Reddy, “A Game Theory approach to detect malicious nodes in Wireless Sensor Networks,” In Proceedings of 2009 3rd International Conference on Sensor Technologies and Applications, Greece, 18–23, 2009.
 Y.B. Reddy, and S. Srivathsan, S., “Game Theory model for selective forward attacks in Wireless Sensor Networks,“ In Proceedings of 2009 17th Mediterranean Conference on Control and Automation (MED), Thessaloniki, Greece, 2009.
 M. Mohi, A., Movaghar, and P.A., Zadeh, “Bayesian game approach for preventing DoS attacks in Wireless Sensor Networks.” In Proceedings of 2009 WRI International Conference on Communications and Mobile Computing, Kunming, China, 2009.
 P. Michiardi and R. Molva, “Core: a collaborative reputation mechanism to enforce node cooperation in mobile ad hoc networks," in Proceedings of the 6th IFIP Communications and Multimedia Security Conference, 2002.
 M. Xie, S. Han, B. Tian, and S. Parvin, “Anomaly detection in Wireless Sensor Networks: a survey,“ Journal of Network Computing Applications, 2011, 34, pp. 1302–1325.
 Y. Qiu, Z. Chen, and L. Xu, “Active defence model of Wireless Sensor Networks based on evolutionary Game Theory,” In Proceedings of 2010 6th International Conference on Wireless Communications, Networking and Mobile Computing, Chengdu, China, 2010.
 J. Chen, and R. Du, “Fault tolerance and security in forwarding packets using Game Theory,“ In Proceedings of the 2009 International Conference on Multimedia Information Networking and Security (MINES 2009), Hubei, China, 2009.
 A. Agah, K. Basu, and S. K. Das, “Security enforcement in Wireless Sensor Networks: a framework based on non-cooperative games,” Pervasive and Mobile Computing, vol. 2, Apr. 2006, pp. 137-158.
 X. Li and M. R. Lyu, “A novel coalitional game model for security issues in wireless networks,” In Proceedings of the IEEE Global Telecommunications Conference (GLOBECOM 2008), 2008, pp. 1- 6.
 Y. Wang, J. Bo, and G. Li, “Research on cloud manufacturing resource allocation in distributed computing environment”, Int. Journal of Grid Distribution Computing, Vol. 8, No. 3, 2015.
 W. Wang, M. Chatterjee, and K. Kwiat, “Coexistence with malicious nodes: a Game Theoretic approach,” In Proc. International Conference on Game Theory for Networks (GameNets ’09), 2009, pp. 277-286.
 Cloud Security Alliance (CSA)’s Security Guidance for Critical Areas of Focus in Cloud Computing (2009), CSA.
 C. Karlof and D. Wagner,“Secure routing in Wireless Sensor Networks: attacks and countermeasures,“ Ad Hoc Networks, Volume 1, Issue 2, pp. 293-315.
 S. Peisert, et al., “Designed-In security for Cyber-Physical Systems,“ IEEE Computer and Reliability Societies. September/October 2014.
 Internet Society, “The Internet of Things: an overview,” Understanding the Issues and Challenges of a More Connected World, 2015.
 Song, D., Wagner, D., and Perrig, A., “Practical techniques for searches on encrypted data,“ In Proceedings of the IEEE Symposium on Research in Security and Privacy, Oakland, California, USA, pp. 44-55, 2000.
 Gentry, C., “Fully homomorphic encryption using ideal lattices,” In Proceedings of the 41st Annual ACM Symposium on Theory of Computing (STOC’09), pp. 169-178, Maryland, USA, 2009.
 Chor, B., Kushilevitz, E., Goldreich, O., and Sudan, M., “Private Information Retrieval,“ Journal of ACM (JACM), Vol 45, No 9, pp. 965-981, 1998.
 P. Lee, A. Clark, B. Alomair, L. Bushnell, and R. Poovendran, "Passivity-based distributed strategies for stochastic Stackelberg Security Games," IEEE Conference on Game and Decision Theory for Security (GameSec), 2015.
 P. Paruchuri, J. P. Pearce, J. Marecki, M. Tambe, F. Ordonez, and S. Kraus, “Playing games for security: an efficient exact algorithm for solving Bayesian Stackelberg Games,” In Proceedings of the 7th International Joint Conference on Autonomous Agents and Multiagent Systems – Vol. 2, AAMAS, pp. 895–902, 2008.
 D. Kar, F. Fang, F. D. Fave, N. Sintov, and M. Tambe, „A Game of Thrones: when human behaviour models compete in repeated Stackelberg Security Games,“ In International Conference on Autonomous Agents and Multiagent Systems (AAMAS), 2015.
 T. H. Nguyen, R. Yang, A. Azaria, S. Kraus, and M. Tambe, “Analyzing the effectiveness of adversary modelling in security games,“ In AAAI, 2013.
 Savage, L. J., The Foundations of Statistics. Dover Publications. 1972.
 Fischhoff, B., Goitein, B. and Shapira, Z., “Subjective utility function: a model of decision-making,” American Society of Information Science 32(5): 391–399. 1981.
 W. Haskell, D. Kar, F. Fang, M. Tambe, S. Cheung, and E. Denicola. “Robust protection of fisheries with compass,” In Innovative Applications of Artificial Intelligence (IAAI), 2014.
 K. Chung, C. A. Kamhoua, K. A. Kwiat, Z. T. Kalbarczyk and R. K. Iyer, "Game Theory with learning for cyber security monitoring," 2016 IEEE 17th International Symposium on High Assurance Systems Engineering (HASE), Orlando, FL, 2016, pp. 1-8.
 A. Nair, et al., “Massively parallel methods for Deep Reinforcement learning,” Deep Learning Workshop, International Conference on Machine Learning, Lille, France, 2015. Online available: https://arxiv.org/abs/1507.04296 (Last accessed: December 16, 2016)