Incorporating Attack-Type Uncertainty into Network Protection. / Garnaev, A.; Baykal-Gursoy, M.; Poor, H.V.
In: IEEE Transactions on Information Forensics and Security, Vol. 9, No. 8, 2014, p. 1278-1287.
Research output: Contribution to journal › Article
TY - JOUR
T1 - Incorporating Attack-Type Uncertainty into Network Protection
AU - Garnaev, A.
AU - Baykal-Gursoy, M.
AU - Poor, H.V.
PY - 2014
Y1 - 2014
N2 - Network security against possible attacks involves making decisions under uncertainty. Not only may one be ignorant of the place, the power, or the time of potential attacks, one may also be largely ignorant of the attacker's purpose. To illustrate this phenomenon, this paper proposes a simple Bayesian game-theoretic model of allocating defensive (scanning) effort among nodes of a network in which a network's defender does not know the adversary's motivation for intruding on the network, e.g., to bring the maximal damage to the network (for example, to steal credit card numbers or information on bank accounts stored there) or to infiltrate the network for other purposes (for example, to corrupt nodes for a further distributed denial of service botnet attack on servers). Due to limited defensive capabilities, the defender faces the dilemma of either: 1) focusing on increasing defense of the most valuable nodes, and in turn, increasing the chance for the adversary to sneak into the network through less valuable
U2 - 10.1109/TIFS.2014.2329241
DO - 10.1109/TIFS.2014.2329241
M3 - Article
VL - 9
SP - 1278
EP - 1287
JO - IEEE Transactions on Information Forensics and Security
JF - IEEE Transactions on Information Forensics and Security
SN - 1556-6013
IS - 8
ER -
ID: 5733817