
At present, network survivability is becoming an important issue in network security. Numerous studies have been devoted to defining the meaning of network survivability and to estimating the impact of external and internal factors on it [12][13]. When evaluating the survivability of a network, mathematical programming approaches such as game theory [14][15] and the Lagrangean Relaxation method [16][17] are the most significant lines of work, since they allow a precise description and formal analysis of the dynamic behavior of a network system through an attack-defense scenario.

When it comes to network optimization problems under attack-defense scenarios, we usually consider a cyber attacker and a network defender interacting with each other. On one hand, the goal of the cyber attacker is to minimize the maximum network survivability the defender can achieve; on the other hand, the network defender expects to maximize the minimum network survivability of his own network. As a result, the attack-defense problem becomes a min-max or a max-min problem, depending on which player is taken to commit to a strategy first.

In addition, previous related works often consider only one round of interaction in the attack-defense problem [14][15][16][17]. However, due to the tremendous amount of uncertainty about the attacker's behavior, e.g., motivations, preferences, actions, and the types of attacks, attack prediction is a very challenging task and requires observation over a long period of time. Moreover, defense strategies against intentional attacks influence the adaptive strategy of the attacker, and vice versa. In order to maximize or minimize the network survivability, both the cyber attacker and the network defender must consider carefully how to allocate, or even reallocate, their limited resources, which in reality plays out over several rounds of interaction. As a result, it is necessary to develop the concept of multi-round attack-defense scenario analysis in our work.

How to evaluate network survivability is a critical issue in the attack-defense model. Traditionally, the Degree of Disconnectivity (DOD) metric proposed in [17] is used to measure the degree of damage to a network. However, the DOD metric assumes that an attack on a node is either completely successful or completely unsuccessful, which ignores the fact that an attack succeeds only with some probability. Therefore, a novel metric called Average Degree of Disconnectivity (Average DOD, abbreviated "ADOD"), proposed in [18], is adopted in our model.

Average DOD combines the attack success probability calculated by a contest success function [19] with the DOD metric, so that the resulting value is, in effect, an expected DOD over the possible attack outcomes rather than the DOD of a single all-or-nothing outcome. The larger the Average DOD value, the smaller the network survivability.
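To make the min-max / max-min formulation and the Average DOD idea concrete, the following Python script (an added example, not code from this thesis or from [17][18][19]) enumerates every integer allocation of a small attack budget and defense budget over a constructed four-node network, computes an Average DOD for each pair of allocations, and reports both the max-min value (attacker commits first, defender best-responds) and the min-max value (defender commits first, attacker best-responds). The ratio-form contest success function, the independence of node compromises, the toy network, the budgets, and the simplified disconnectivity metric (fraction of node pairs that can no longer communicate, not the exact DOD of [17]) are all assumptions made for the illustration.

```python
"""Min-max / max-min attack-defense illustration with an Average-DOD-style
objective.  Added example, not code from the thesis: the network, budgets,
ratio-form contest success function and the simplified disconnectivity
metric below are assumptions chosen to keep exhaustive enumeration small."""
from functools import lru_cache
from itertools import product

# Constructed toy network: a 4-node "diamond" (0-1, 0-2, 1-3, 2-3).
EDGES = [(0, 1), (0, 2), (1, 3), (2, 3)]
NODES = sorted({v for e in EDGES for v in e})


def attack_success_prob(t: float, d: float, m: float = 1.0) -> float:
    """Ratio-form contest success function (assumed form): attack effort t
    against defense effort d decides whether the node falls.  Zero attack
    effort never succeeds; zero defense against positive attack always fails."""
    if t <= 0:
        return 0.0
    return t ** m / (t ** m + d ** m)


@lru_cache(maxsize=None)
def dod(compromised: frozenset) -> float:
    """Simplified Degree of Disconnectivity (assumption, not the metric of
    [17]): fraction of node pairs that can no longer communicate once the
    compromised nodes are removed from the graph."""
    alive = [v for v in NODES if v not in compromised]
    adj = {v: set() for v in alive}
    for a, b in EDGES:
        if a in adj and b in adj:
            adj[a].add(b)
            adj[b].add(a)
    comp = {}  # representative of each alive node's connected component
    for s in alive:
        if s in comp:
            continue
        stack, comp[s] = [s], s
        while stack:
            v = stack.pop()
            for w in adj[v]:
                if w not in comp:
                    comp[w] = s
                    stack.append(w)
    pairs = [(a, b) for i, a in enumerate(NODES) for b in NODES[i + 1:]]
    broken = sum(1 for a, b in pairs
                 if a in compromised or b in compromised or comp[a] != comp[b])
    return broken / len(pairs)


def adod(t: tuple, d: tuple, m: float = 1.0) -> float:
    """Average DOD: expected DOD over every attack outcome, weighting each set
    of fallen nodes by the product of per-node success/failure probabilities
    (nodes are assumed to fall independently)."""
    p = [attack_success_prob(t[i], d[i], m) for i in range(len(NODES))]
    total = 0.0
    for outcome in product((0, 1), repeat=len(NODES)):
        prob = 1.0
        for i, fell in enumerate(outcome):
            prob *= p[i] if fell else 1.0 - p[i]
        if prob:
            fallen = frozenset(v for v, f in zip(NODES, outcome) if f)
            total += prob * dod(fallen)
    return total


def allocations(budget: int, n: int):
    """Every way to spread an integer budget over n nodes (exhaustive)."""
    if n == 1:
        yield (budget,)
        return
    for k in range(budget + 1):
        for rest in allocations(budget - k, n - 1):
            yield (k,) + rest


def solve(attack_budget: int, defense_budget: int, m: float = 1.0):
    """Return (max_min, min_max) of Average DOD.  The attacker maximises ADOD
    (i.e. minimises survivability) and the defender minimises it.
    max_min: attacker commits first, defender best-responds.
    min_max: defender commits first, attacker best-responds."""
    ts = list(allocations(attack_budget, len(NODES)))
    ds = list(allocations(defense_budget, len(NODES)))
    table = {(t, d): adod(t, d, m) for t in ts for d in ds}
    max_min = max(min(table[t, d] for d in ds) for t in ts)
    min_max = min(max(table[t, d] for t in ts) for d in ds)
    return max_min, min_max


if __name__ == "__main__":
    max_min, min_max = solve(attack_budget=2, defense_budget=2)
    # Weak duality: the first mover can never do better than the second.
    assert max_min <= min_max + 1e-12
    print(f"max-min ADOD (attacker first): {max_min:.4f}")
    print(f"min-max ADOD (defender first): {min_max:.4f}")
```

Because the attacker maximises Average DOD while the defender minimises it, the max-min value can never exceed the min-max value, which the script checks before printing. Replacing the contest success function with a step function (success if and only if the attack effort exceeds the defense effort) collapses every outcome probability to 0 or 1 and turns the Average DOD back into the all-or-nothing DOD, which is exactly the distinction drawn above.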

In the past, network security was usually considered within the scope of an enterprise or a personal computer. However, for political reasons, we often hear news about information warfare between two conflicting nation-states. The former U.S. government security expert Richard A. Clarke, in his book Cyber War (May 2010), defines "cyberwarfare" as "actions by a nation-state to penetrate another nation's computers or networks for the purposes of causing damage or disruption" [5]. In addition, in May 2009, U.S. President Obama assigned White House-level security officials to help every government department set up its network security policies and establish response mechanisms to serious network attacks. Moreover, he also devoted effort to raising awareness among all Americans of online threats in order to protect national critical infrastructures, and announced a plan called "Cybersecurity". Unavoidably, the scope of network security must be extended to the national level.

Stuxnet, a worm targeting "high-value" Iranian assets, was first identified in 2010, with samples dating back to 2009. It is the first purpose-built worm designed to attack programmable logic controllers (PLCs), the industrial control systems that help run critical infrastructure environments [6]. Stuxnet was designed purely to attack PLCs and cause damage to the infrastructure they operate and, ultimately, to the people and organizations that depend on that infrastructure.

Stuxnet is clearly an example of a stealthy worm developed by an adversary that spent a great deal of time and money on research and development. Ever since the discovery of the worm, there has been incessant speculation that Stuxnet was a nation-state attack against Iranian nuclear facilities. According to BBC News on September 23, 2010 [7], Symantec security researcher Liam O Murchu suggested that whoever had created the worm had put a "huge effort" into it. "It is a very big project, it is very well planned, it is very well funded," he said. "It has an incredible amount of code just to infect those machines." His analysis is backed up by other research done by security firms and computer experts. "With the forensics we now have it is evident and provable that Stuxnet is a directed sabotage attack involving heavy insider knowledge," said Ralph Langner, an industrial computer expert, in an analysis he published on the web. "This is not some hacker sitting in the basement of his parents' house. To me, it seems that the resources needed to stage this attack point to a nation-state," he wrote.

The suspect was finally confirmed in June 2012, when unnamed U.S. government officials told a New York Times reporter that the Stuxnet worm had been created secretly by the U.S. and Israeli intelligence agencies [8]. It is expected that the Iranian cyber army might launch a retaliatory strike against the U.S. [9]. The cyberwar between the U.S. and Iran has thus come into the open.

From the news mentioned above, a nation-state cyberwar is becoming more and more sobering and unavoidable, and deserves serious concern nowadays. In addition, there is a term that best describes this kind of attack: Advanced Persistent Threat (APT). APT is now frequently used as a replacement term for cyberwarfare between nation-states [10]. It can be viewed as a type of collaborative attack in which multiple well-resourced and specialized attackers work together to mount an attack.

As a result, from the point of view of a nation, military resources can be allocated not only to passive defense but also to active defense, which means "attack".

Traditionally, the attack-defense problem considers a cyber attacker who can only attack and a network defender who can only defend. However, given that a nation by nature possesses both attack and defense capabilities, it is essential to transform the traditional scenario of one cyber attacker and one network defender into one of two players, each of whom can defend and attack at the same time [27]. Hence, we consider each player in the dual role of attacker and defender.

Motivated by the reasons and previous works mentioned above, the scenario in this attack-defense model considers each of the two players as having the abilities to attack and defend at the same time; furthermore, attacks in this model are launched as collaborative attacks. Moreover, within the framework of a multi-round model, the resource allocation, resource reallocation, and information update of both players in each round are also considered in this paper. Further details are discussed in Chapter 2.
