Figure 2 - uploaded by Kaiming Xiao
An example of malware propagation in cyber-physical systems (CPS).

Source publication
Article
Stealth malware is a representative tool of advanced persistent threat (APT) attacks, which poses an increased threat to cyber-physical systems (CPS) today. Due to the use of stealthy and evasive techniques, stealth malware usually renders conventional heavy-weight countermeasures inapplicable. Light-weight countermeasures, on the other hand, can h...

Contexts in source publication

Context 1
... the CPS network is fully connected physically, strict access control and designed communication patterns let the actual network structure not fully connected under operating conditions. Figure 2 gives an abridged view on the topology of an operating CPS network, where links present the permitted or designed communication patterns between CPS devices rather than all possible connections. It is worth noting that any traffic violating those communication patterns will be treated as abnormal or illegitimate in CPS [45], which is a significant difference between CPS and traditional information systems. ...
Context 2
... exemplify this, an instance of the defense scenario is given in Figure 2, where workstation 2 has been infected with a kind of malware from an attacker and two copies of this malware have been stealthily spread to mobile workstation and MTU 2. The defender is supposed to know the abnormal condition of workstation 2 based on its detection system, but more time is needed to analyze the malware sample, develop exploits patching, and deploy anti-malware programs. Hence, the defender should firstly implement light-weight countermeasures. ...

Citations

... Although a variety of research works have employed game theory to tackle diverse security problems [5], [8], [9], [19], [22], [28]-[30], [32], [35], [36], [39], [40], [42] and different automated input creation methods have been devised [1], [2], [10], [20], [21], [24], [43], these research works do not deal with game theoretic security analysis on input-driven evasive malware in the IoT. Our proposed game theoretic security analysis is the first effort to analytically examine input-driven evasive malware in the IoT. ...
... Wu et al. devise a detection scheme grounded on a game theoretic analysis for IoT system security [39]. Xiao et al. propose a game-theoretic defense system against surreptitious malware propagation in a CPS [40]. In [42], a stochastic game for channel selection is formulated to tackle the privacy-preserving spectrum sharing problem. ...
Preprint
Game Theoretic Approach Toward Detection of Input-Driven Evasive Malware in the IoT
Preprint
Game Theoretic Security Analysis against Input-Driven Evasive Malware in the IoT
Article
Research motivation: The aim is to study the secure storage of cloud music resources, especially the Secure Data Storage and Defense (SDSD) in the Edge Computing Ecosystem (ECE). The main problems and solutions: the present work builds an anti-malware propagation mechanism and proposes an Edge Devices (EDs)-oriented anti-malware propagation SDSD algorithm for user cloud music resources. The proposed ED-oriented SDSD model and algorithm are based on the Mean Field Game (MFD), realizing the combination of SDSD strategies in ECE with game theory. Research results: In the actual ECE, the anti-malware SDSD model can reduce the data loss by adjusting the network and ED parameters. Specifically, within 0 ~ 20s, the number of infected devices decreases gradually at a rate of about 4% over time. Users can minimize their data loss while minimizing their Computing Resource (CORE) consumption. The data loss decreases monotonically with time. When t > 20s, the Average Data Loss (ADL) is stable at 0. Research conclusion: the proposed SDSD model for users’ cloud music resources is efficient and practical in securely storing data in the ECE.
Article
In client-server information systems with quality of service (QoS) differentiation, Client may deplete Server’s resources by demanding unduly high QoS level. Such QoS abuse has eluded systematic treatment; known defenses using Client authorization, payments, or service request inspection prior to QoS assignment, are heuristic and environment-specific. We offer a game-theoretic approach on the premise that a service request is occasionally trusted to reduce the inspection cost. We call Fake VIP attack (FVA) a form of QoS abuse that consciously exploits Server’s trust. An FVA strategy instills trust to maximize Client’s utility gained from successful FVAs, whereas a trust strategy maximizes Server’s utility by trading her loss due to successful FVAs against the request inspection cost. We consider a realistic scant-transparency setting where only long-term utilities are observable. Against a probabilistic FVA strategy we design a trust strategy based on double-blind reputation. Assuming a memoryless service request stream we analyze the impact of the request inspection cost and information leakage on the utilities at the Stackelberg equilibrium of the arising game. Experimental comparison with a real-world internally correlated stream is also shown.