
The following are some issues that can be further studied:

• Collaborative Defense

In our model, we only consider collaborative attacks. However, from the point of view of a nation-state, there must be various information security experts who specialize not only in attack but also in defense. In [34], the author states that countering collaborative attacks might require collaborative defense.

Therefore, in future work, we could consider that some of the experts form a group of collaborative attackers while others form a group of collaborative defenders.

• Multiple Players (Nation-States)

In this paper, we propose a framework to model two conflicting nation-states in a cyberwar. Nevertheless, political tensions between nation-states, especially superpowers, are often reported in the daily news. To simulate real-world circumstances more closely, future work may need to consider more players (nation-states) joining a battle.

Take three players as an example. On one hand, the three players could attack each other individually. On the other hand, two of them could form an alliance to attack the third. The combinations of players would then be more complicated to consider, which enriches the original problem.

• Anticipatory Strategy

In the real world, under some circumstances, a nation-state would like to strike first. We have included the concept of preventive strike in our research.

Nevertheless, according to [55], aside from preventive strike, preemptive strike also belongs to this kind of first-strike strategy. The authors used the term “anticipatory attack” to refer to the broader category that includes both types of strategies. Both are offensive strategies carried out for defensive reasons, based on the belief that an enemy attack is (or may be) inevitable, and that it would be better to fight on one’s own terms. Furthermore, “the degree of certainty that the adversary will strike if the anticipatory attack is not launched,” and “the first-strike advantage expected from carrying out the anticipatory attack compared to allowing the opponent to attack on its own terms” are two fundamental strategic variables determining whether a preemptive or a preventive attack should be undertaken.

Therefore, in future work, it would be meaningful to consider the preemptive strike strategy as well, and to include the two strategic variables mentioned above in the model to determine which strategy might be better.

• Unique Attack Strategy for each Collaborative Attacker

In our model, each collaborative attacker could have different attack power over nodes. This could be viewed as a distinctive attribute of each collaborative attacker. Furthermore, it would be interesting to consider that each attacker has their own attack strategy. For instance, some may specialize in taking the PS strategy, while others may be especially good at exploring unknown vulnerabilities. That is, when the collaborative attacker who is skilled in exploring unknown vulnerabilities is assigned to join the battle in a given round, the result of exploration would be better in that round. Or if the collaborative attacker who excels at taking the PS strategy is assigned in the next round, then the player could take the PS strategy in that round.

• The Weight of Link in Calculating DOD

The link vulnerability explicitly accounts for the flow on the disrupted link and the availability of alternate paths. A link is a component of O-D pairs, and a link may belong to many O-D pairs. When a link is disrupted, other alternative paths are needed to accommodate the affected flow. Therefore, the importance of a link affects the connectivity of an O-D pair and ultimately influences the network survivability. As a result, the weight of a link should be taken into consideration when calculating the DOD metric.
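As an added illustration (not from the thesis, and not its DOD formula), the Python example below scores each link of a 3×3 grid with the appendix's dimensions (9 nodes, 12 links, diameter 4, 36 O-D pairs) by the two quantities named above: the share of O-D shortest-path flow the link carries, and the extra hops alternate paths cost once it is cut. Unit demand per O-D pair, hop-count routing, and the names `grid_links`, `bfs` and `link_weights` are assumptions.

```python
from collections import deque
from fractions import Fraction
from itertools import combinations

def grid_links(n=3):
    """Links of an n x n grid, nodes numbered row by row from 0."""
    links = []
    for v in range(n * n):
        if v % n + 1 < n:
            links.append((v, v + 1))   # link to the right-hand neighbour
        if v + n < n * n:
            links.append((v, v + n))   # link to the neighbour below
    return links

def bfs(nodes, links, src):
    """Hop distance and number of shortest paths from src to each reachable node."""
    adj = {v: [] for v in nodes}
    for a, b in links:
        adj[a].append(b)
        adj[b].append(a)
    dist, count = {src: 0}, {src: 1}
    queue = deque([src])
    while queue:
        u = queue.popleft()
        for w in adj[u]:
            if w not in dist:
                dist[w], count[w] = dist[u] + 1, 0
                queue.append(w)
            if dist[w] == dist[u] + 1:
                count[w] += count[u]
    return dist, count

def link_weights(nodes, links):
    """Map each link to (flow, extra_hops, cut_pairs); the input must be connected.

    flow       sum over O-D pairs of the fraction of their shortest paths using the link
    extra_hops total lengthening of shortest paths once the link is removed
    cut_pairs  O-D pairs left with no path at all once the link is removed
    """
    pairs = list(combinations(nodes, 2))
    base = {v: bfs(nodes, links, v) for v in nodes}
    weights = {}
    for a, b in links:
        flow = Fraction(0)
        for s, t in pairs:
            (ds, cs), (dt, ct) = base[s], base[t]
            for u, v in ((a, b), (b, a)):          # the link can be crossed either way
                if ds[u] + 1 + dt[v] == ds[t]:     # u -> v lies on a shortest s-t path
                    flow += Fraction(cs[u] * ct[v], cs[t])
        rest = [link for link in links if link != (a, b)]
        after = {s: bfs(nodes, rest, s)[0] for s in nodes}
        extra_hops = cut_pairs = 0
        for s, t in pairs:
            if t in after[s]:
                extra_hops += after[s][t] - base[s][0][t]
            else:
                cut_pairs += 1
        weights[(a, b)] = (flow, extra_hops, cut_pairs)
    return weights

if __name__ == "__main__":
    nodes = list(range(9))                 # constructed sample: 3x3 grid
    for link, (flow, hops, cut) in link_weights(nodes, grid_links(3)).items():
        print(link, f"flow={float(flow):.2f}", f"extra_hops={hops}", f"cut_pairs={cut}")
```

On this grid every link costs the same 4 extra hops when cut, but the four links touching the centre node carry 22/3 units of flow against 16/3 for the eight border links, so a flow-based weight separates links that a detour-only weight treats as equal.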

• N-Round Attack-Defense

The complexity of our mathematical problem increases exponentially with each additional round; therefore, the problem is quite difficult to solve. We would like to know whether a steady state of network survivability exists, meaning that adding one more round no longer influences the network survivability much. To verify whether this conjecture holds, it is necessary to extend the number of attack-defense rounds as far as possible.

Because of the diversity of the attack-defense problem, many different kinds of issues could be discussed. Therefore, more issues will be added in the future to reflect reality.

References

[1] SAINT, “Integrated Network Vulnerability Scanning and Penetration Testing,” SAINT, 2009.

[2] IBM Internet Security Systems X-Force research and development team, “X-Force 2011 Mid-Year Trend and Risk Report,” IBM, September 2011.

[3] R. Robert, “CSI Computer Crime and Security Survey 2010/2011,” Computer Security Institute, 2011.

[4] Symantec, “2011 State of Security Survey,” Symantec Corporation, 2011.

[5] R.A. Clarke, “Cyber War,” HarperCollins, 2010, http://en.wikipedia.org/wiki/Cyberwarfare.

[6] McAfee, “Advanced Persistent Threats,” McAfee, 2010.

[7] Jonathan Fildes, “Stuxnet Worm Targeted High-Value Iranian Assets,” BBC news, September 2010, http://www.bbc.com/news/technology-11388018.

[8] D.E. Sanger, “Obama Order Sped Up Wave of Cyber Attacks Against Iran,” New York Times, June 2012, http://www.nytimes.com/2012/06/01/world/middleeast/obama-ordered-wave-of-cyberattacks-against-iran.html?_r=2.

[9] Kevin Fogarty, “Iran official threatens retaliation for Stuxnet,” IT World, April, 2011.

[10] SANS, “A Detailed Analysis of an Advanced Persistent Threat Malware,” SANS, October, 2011.

[11] “Terms and Definitions Related to Quality of Service, Availability, and Reliability,” CCITT Fascicle III.1, Rec. G.106, 1984.

[12] V.R. Westmark, “A Definition for Information System Survivability,” System Sciences, Proceedings of the 37th Annual Hawaii International Conference on, January 2004.

[13] R.J. Ellison, D.A. Fisher, R.C. Linger, H.F. Lipson, T. Longstaff, and N.R. Mead, “Survivable Network Systems: An Emerging Discipline,” Technical Report CMU/SEI-97-TR-013, November 1997.

[14] W. Jiang, B.X. Fang, H.l. Zhang, and Z.H. Tian, “A Game Theoretic Method for Decision and Analysis of the Optimal Active Defense Strategy,” International Conference on Computational Intelligence and Security, 2007.

[15] W. Jiang, B.X. Fang, H.l. Zhang, and Z.H. Tian, “Optimal Network Security Strengthening Using Attack-Defense Game Model,” Sixth International Conference on Information Technology: New Generations, 2009.

[16] Y.S. Lin, P.H. Tsang, C.H. Chen, C.L. Tseng, and Y.L. Lin, “Evaluation of Network Robustness for Given Defense Resource Allocation Strategies,” Proceedings of the First International Conference on Availability, Reliability and Security, 2006.

[17] F.Y.S. Lin, H.H. Yen, P.Y. Chen, and Y.F. Wen, “Evaluation of Network Survivability Considering Degree of Separation,” Hybrid Artificial Intelligence Systems, 2011.

[18] F.Y.S. Lin, P.Y. Chen, Q.T. Chen, “Resource Allocation Strategies to Maximize Network Survivability Considering of Average DOD,” Advances in Intelligent and Soft Computing, vol. 151, pp. 751-758, 2012.

[19] S. Skaperdas, “Contest Success Functions,” Economic Theory, 1996.

[20] K. Kark, J. Penn, and A. Dill, “2008 CISO Priorities: The Right Objectives but The Wrong Focus,” Le Magazine de la Sécurité Informatique, April 2009.

[21] J.P. Pironti, “Key Elements of an Information Security Program,” Information Systems Control Journal, vol. 1, 2005.

[22] A. Barth, B. Rubinstein, M. Sundararajan, J.C. Mitchell, D. Song, and P.L. Bartlett, “A Learning-Based Approach to Reactive Security,” Proceeding of the Fourteenth International Conference on Financial Cryptography and Data Security, 2010.

[23] Y. Xiang, W. Zhou, and M. Chowdhury, “A Survey of Active and Passive Defence Mechanisms against DDoS Attacks,” Technical Report, TR C04/02, School of Information Technology, Deakin University, Australia, 2004.

[24] G. Levitin, K. Hausken, and H. Ben Haim, “Active and Passive Defense against Multiple Attack Facilities,” International Game Theory Review, 2010.

[25] G. Levitin and K. Hausken, “Preventive Strike vs. False Targets and Protection in Defense Strategy,” Reliability Engineering & System Safety, vol. 96, issue 8, pp. 912–924, 2011.

[26] G. Levitin and K. Hausken, “Preventive Strike vs. Protection in Defense Strategy,” Military Operations Research, vol. 15(3), pp. 5-15, 2010.

[27] G. Levitin and K. Hausken, “Shield vs. Sword Resource Distribution in K-round Duels,” Central European Journal of Operations Research, vol. 8, pp. 1-15, June 2010.

[28] V. Kroening, “Prevention or Preemption? Towards a Clarification of Terminology,” Commonwealth Institute Project on Defense Alternatives Guest Commentary, 2003.

[29] T. Sauer, “The Preventive and Pre-Emptive Use of Force,” Ethical Perspectives, vol. 11, no. 2-3, pp. 130-142, 2004.

[30] P.S. Ford, “Israel's Attack on Osiraq: A Model for Future Preventive Strikes,” INSS Occasional Paper 59, USAF Institute for National Security Studies, USAF Academy, Colorado, pp. 15, July 2005.

[31] B. Bhargava, Y. Zhang, N. Idika, L. Lilien, and M. Azarmi, “Collaborative Attacks in WiMAX Networks,” Security and Communication Networks, vol. 2(5), pp. 373-391, 2009.

[32] T. Gong and B. Bhargava, “Immunizing Mobile Ad Hoc Networks against Collaborative Attacks Using Cooperative Immune Model,” Security and Communication Networks, 2011. (Under Review)

[33] X. Li and S. Xu, “A Stochastic Modeling of Coordinated Internal and External Attacks,” Technical Report, 2007.

[34] S. Xu, “Collaborative Attack vs. Collaborative Defense,” Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol. 10(2), pp. 217-228, 2009.

[35] Websense, “Advanced Persistent Threats and Other Advanced Attacks: Threat Analysis and Defense Strategies for SMB, Mid-size, and Enterprise Organizations,” Websense, September 2011.

[36] A. Juels and T.F. Yen, “Sherlock Holmes and the Case of the Advanced Persistent Threat,” RSA Laboratories, Cambridge, MA, USA, April 2012.

[37] Mandiant, “M-Trends, the Advanced Persistent Threat,” Mandiant, January 2010.

[38] Command Five Pty Ltd, “Advanced Persistent Threats: A Decade in Review,” Command Five Pty Ltd, June 2011.

[39] Jason Andress, “Advanced Persistent Threat: Attacker Sophistication Continues to Grow,” ISSA Journal, June 2011.

[40] M.S. Deutsch and R.R. Willis, “Software Quality Engineering: A Total Technical and Management Approach,” Englewood Cliffs, NJ: Prentice-Hall, 1988.

[41] U.S. Department of Commerce, National Telecommunications and Information Administration, Institute for Telecommunications Services, Federal Standard 1037C.

[42] P.G. Neumann, “Practical Architectures for Survivable Systems and Networks,” Technical Report, Computer Science Laboratory, SRI International, CA, 2000.

[43] J. Knight and K. Sullivan, “On the Definition of Survivability,” Department of Computer Science, University of Virginia, Tech. Rep. CS-00-33, December 2000.

[44] S.D. Moitra and S.L. Konda, “A Simulation Model for Managing Survivability of Networked Information Systems,” SEI, December 2000.

[45] S. Jha, J.M. Wing, “Survivability Analysis of Networked Systems,” Proceedings of the Twenty-Third International Conference on Software Engineering, pp. 872-874, 2001.

[46] H. Kerivin and A.R. Mahjoub, “Design of Survivable Networks: A Survey,” Networks, vol. 46(1), pp. 1–21, 2005.

[47] B. Bassiri and S.S. Heydari, “Network Survivability in Large-Scale Regional Failure Scenarios,” Proceedings of the Second Canadian Conference on Computer Science and Software Engineering, Montreal, Quebec, Canada, pp. 83–87, 2009.

[48] P.E. Heegaard and K.S. Trivedi, “Network Survivability Modeling,” Computer Networks, vol. 53(8), pp. 1215-1234, 2009.

[49] F. Xing and W. Wang, “On the Survivability of Wireless Ad Hoc Networks with Node Misbehaviors and Failures,” IEEE Transactions on Dependable and Secure Computing, vol. 7, no. 3, pp. 284-299, 2010.

[50] D. Chen, S. Garg, and K.S. Trivedi, “Network Survivability Performance Evaluation: A Quantitative Approach with Applications in Wireless Ad-Hoc Networks,” ACM International Workshop on Modeling, Analysis and Simulation of Wireless and Mobile System, ACM, Atlanta, GA, September 2002.

[51] G. Zhao, H. Wang, and J. Wang, “A Novel Formal Analysis Method of Network Survivability Based on Stochastic Process Algebra,” Tsinghua Science Technology, vol. 12, pp. 175-179, July 2007.

[52] H. Hassoun, “Fundamentals of Artificial Neural Networks,” MIT Press, 1995.

[53] S. Roy, C. Ellis, S. Shiva, D. Dasgupta, V. Shandilya, and Q. Wu, “A Survey of Game Theory as Applied to Network Security,” 43rd Hawaii International Conference on System Sciences, January 2010.

[54] G. Owen, “Game Theory, 3rd ed.,” Academic Press, 2001.

[55] K.P. Mueller, J.J. Castillo, F.E. Morgan, N. Pegahi, and B. Rosen, “Striking First: Preemptive and Preventive Attack in U.S. National Security Policy,” RAND Corporation, 2016.

[56] J.J. Mearsheimer, “The Tragedy of Great Power Politics,” New York: W. W. Norton & Company, 2001.

[57] Y.K. Wang, “Offensive Realism and the Rise of China,” Issues & Studies, vol. 40, no. 1, pp. 173-201, March 2004.

[58] P. Toft, “John J. Mearsheimer: an offensive realist between geopolitics and power,” Journal of International Relations and Development, vol. 8, pp. 383-386, December 2005.

[59] N.D. Arora, “Political Science for Civil Services Main Examination,” Tata McGraw-Hill, 2010.

Appendix

Three further experiments are discussed in the appendix. Figure A-1 and Figure A-3 are the network topologies for player A; Figure A-2 and Figure A-4 are the network topologies for player B. The number of links and the diameter for the three kinds of network topologies, grid, random, and scale-free, are all fixed at 12 and 4 respectively.

Figure A-1: Random Network A

Figure A-2: Random Network B

Figure A-3: Scale-Free Network A

Figure A-4: Scale-Free Network B

The parameters used in the following experiments are shown in Table A-1.

Table A-1: Experiment Parameters Settings

| Parameters | Value |
|---|---|
| Network Topology | 1. Random for player A (in Figure A-1); 2. Random for player B (in Figure A-2); 3. Scale Free for player A (in Figure A-3); 4. Scale Free for player B (in Figure A-4) |
| Contest intensity (m) | 1 |
| The number of rounds | 3 |
| The number of nodes | 9 |
| The number of links | 12 |
| The Diameter | 4 |
| The number of O-D pairs | 36 (considering all O-D pairs) |
| The total resource of both players | 80 or 50 (depends on the requirement of the experiments) |

Experiment 1: Adjusted PS Strategy

In this experiment, player A takes the PS strategy in the first round, and his ability to allocate his attack resources is better than before, which means greater attack power. On the other hand, player B cannot fight back in the first round; his attack power is also still influenced by the after-strike effect in the second round. Besides, player A attacks normally in the second and third rounds, and player B attacks normally in the third round. To demonstrate the results, the proportions of attack resource to defense resource discussed here are (0.3, 0.7), (0.5, 0.5), and (0.7, 0.3). Furthermore, both players’ total resources are (80, 80); the former is for player A, and the latter is for player B.

I. The Variation of ADOD Values of Network A

The experiment results are demonstrated in Figure A-5, Figure A-6, and Figure A-7.

Figure A-5: Results of Taking Adjusted PS Strategy or Not in Network A (0.3, 0.7)

Figure A-6: Results of Taking Adjusted PS Strategy or Not in Network A (0.5, 0.5)

[Charts for Figures A-5 and A-6. Title: The variation of ADOD values of network A. Series: ADOD Value (No PS), ADOD Value (PS). Surviving data labels: 2.163, 2.344, 2.405.]

Figure A-7: Results of Taking Adjusted PS or Not in Network A (0.7, 0.3)

[Chart for Figure A-7. Title: The variation of ADOD values of network A. Series: ADOD Value (No PS), ADOD Value (PS). Surviving data labels: 4.237, 4.609, 4.633.]

• Experiment Results

After player A takes the PS strategy in the first round, the ADOD values of his own network topology decrease compared with the results when no one takes the PS strategy.

• Discussion of Results

After adjusting the original PS strategy and the experiment scenario, the ADOD values of network A decrease much more than in the previous experiment in section 4.2.2.1. In the previous experiment, the ADOD values of network A decrease as a result of two consecutive rounds of after-strike effect, which influences player B’s retaliation ability in the second and the third round. In this experiment, however, the after-strike effect in the second round and the restriction that player B cannot fight back in the first round together largely decrease the ADOD values of network A. Since player B cannot attack in the first round, network A remains intact at the start of the second round. Therefore, the final network survivability increases much more than in the previous experiment.

II. The Comparison between Previous and Adjusted PS of Network A

The following three charts of experiment results illustrate the percentage decrease of the ADOD values of network A after taking the previous PS strategy or the adjusted PS strategy. The number on the upper curve in each of the three charts is obtained by dividing the difference between the ADOD value after taking the previous PS strategy and the ADOD value without PS strategy by the ADOD value without PS strategy, in the original experiment in section 4.2.2.1:

$$\text{The upper number on the curve} = \frac{\text{ADOD(Previous PS Strategy)} - \text{ADOD(No PS)}}{\text{ADOD(No PS)}}.$$

On the other hand, the number on the lower curve in each of the three charts is obtained by dividing the difference between the ADOD value after taking the adjusted PS strategy and the ADOD value without PS strategy by the ADOD value without PS strategy, in this experiment:

$$\text{The lower number on the curve} = \frac{\text{ADOD(Adjusted PS Strategy)} - \text{ADOD(No PS)}}{\text{ADOD(No PS)}}.$$

The experiment results are demonstrated in Figure A-8, Figure A-9, and Figure A-10.

Figure A-8: Comparison between Previous PS and Adjusted PS of Network A (GD)

[Chart for Figure A-8. Vertical axis: The percentage of decrease of ADOD Values (-0.7 to 0). Horizontal axis: (0.3, 0.7), (0.5, 0.5), (0.7, 0.3). Previous PS: -0.092, -0.106, -0.069. Adjusted PS: -0.518, -0.552, -0.578.]

Figure A-9: Comparison between Previous PS and Adjusted PS of Network A (RD)

Figure A-10: Comparison between Previous PS and Adjusted PS of Network A (SF)

[Charts for Figures A-9 and A-10. Vertical axis: The percentage of decrease of ADOD Values. Series: Previous PS, Adjusted PS.]

• Experiment Results

Regardless of network topology and proportion of attack to defense resources, the percentage decrease of ADOD values is much larger after taking the adjusted PS strategy.

• Discussion of Results

Take Figure A-8 as an example. Under the proportion (0.3, 0.7), 0.092 indicates that after taking the previous PS strategy, the attained ADOD value decreases by 9.2% of the original ADOD value; after taking the adjusted PS strategy, by contrast, the original ADOD value decreases by 51.8%. Regardless of network topology and proportion of attack to defense resources, the percentage decrease of ADOD values is far larger after taking the adjusted PS strategy than after taking the previous PS strategy.

III. The Variation of ADOD Values of Network B

The experiment results are demonstrated in Figure A-11, Figure A-12, and Figure A-13.

Figure A-11: Results of Taking Adjusted PS Strategy or Not in Network B (0.3, 0.7)

Figure A-12: Results of Taking Adjusted PS Strategy or Not in Network B (0.5, 0.5)

[Charts for Figures A-11 and A-12. Title: The variation of ADOD values of network B. Series: ADOD Value (No PS), ADOD Value (PS). Surviving data labels: 2.111, 2.406, 2.341, 2.308, 2.666, 2.625.]

Figure A-13: Results of Taking Adjusted PS Strategy or Not in Network B (0.7, 0.3)

[Chart for Figure A-13. Title: The variation of ADOD values of network B. Categories: Grid, Random, Scale-free. Vertical axis: 0 to 7. Series: ADOD Value (No PS), ADOD Value (PS). Surviving data labels: 4.218, 4.552, 4.49 and 5.748, 6.129, 6.038.]

• Experiment Results

After player A takes the PS strategy in the first round, the ADOD values of player B’s network topology increase compared with the results when no one takes the PS strategy.

• Discussion of Results

In the previous experiment, because player B’s resources were sufficient and he used a reactive defense strategy, the compromised nodes would be repaired and reinforced with more defense resources. However, since player B’s resources are
