Panel: Theory and fundamental understanding of network system resiliency, performance and usability Ness B. Shroff Electrical and Computer Engineering.


1 Panel: Theory and fundamental understanding of network system resiliency, performance and usability
Ness B. Shroff Electrical and Computer Engineering & Computer Science and Engineering

2 Question 1: Modeling
When performance and security both come as priorities for the system design, how should we proceed to understand the optimality or tradeoff in such design? Network behaviors (e.g., random access or queuing) can usually (and sometimes relatively easily) be characterized by a good analytical framework (e.g., using queuing, control, information, or game theories). Are they still vital tools in the presence of an attacker? In addition, the attacker’s behavior can be rather ad hoc or unpredictable. Is it time to have a fresh look at defining a comprehensive network adversary model?
So, I’m going to take an opportunity to answer the first two questions. The first question is about modeling.

3 Existing analytical tools are still important in modeling in the presence of attackers
Queueing Theory and Models
- Capture delays, throughput, data freshness/age …
- Can be used as tools to understand normal vs abnormal behavior in the presence of an attacker
- Useful in analyzing data retrieval in coded data systems (robustness)
- Useful in developing algorithms to react to network attacks (e.g., re-routing, congestion control…)
Information Theory
- Provides a methodology to communicate with guaranteed perfect secrecy regardless of the computational power of attackers
- Ideas from Shannon and Wyner can be combined with optimization, network control, and queueing theory to achieve real-time secret communication [Shroff et al., Tran. on Info. Theory 2013].
- Recent extensions to active attackers and MIMO [Koksal et al.]
- Can use signals at the physical layer to develop techniques for not only covert communication, but also authentication, message integrity…
I argue that we don’t need to throw away our existing analytical tools. They are still important …

4 Existing analytical tools still important in modeling in the presence of attackers
Control and optimization theory
- Useful in designing robust algorithms (e.g., robust opt/control)
- Understanding how to react to adversarial attacks (congestion control, prioritization/scheduling, dynamic control…)
- Characterize the tradeoffs between resources/redundancies needed to protect network and loss in network performance
- Useful in designing systems with both security and performance
Game theory
- Considers the strategic behavior of the attackers and defenders
- Used to develop dominated equilibrium strategies
- Recent advances under limited rationality (ad hoc or unpredictable behavior)
- Can model dependencies at additional computational cost…
Network theory + Machine Learning = Yes!
Traditional Approaches + Learning → Develop Comprehensive Network Adversary Models

5 Comprehensive Network Adversary Model
Multi-Stage Multi-Party Bayesian Security Game
- Time-scales: the network and actions can be dynamic
- Interdependencies:
  - Between different nodes: non-additive utility functions
  - Between different networks: power grid, comm. network, water network, social network
  - Between different agents: classes of adversaries, defenders, neutral players, etc.
  - Between agents and networks: social network and attackers/defenders, etc.
- Uncertainties:
  - Attacker type
  - Attacker’s action (level of rationality)
- Learning (and luring) can be used to estimate: agent behavior, inter-dependencies, structure …
Here is a candidate comprehensive network adversary model…

6 Challenges and Open problems
Curse of dimensionality
- Complexity is linear in the time dimension. We need to dynamically solve a Bayesian security game.
- Complexity could be exponential in the action space. Dependencies complicate this. From the Harsanyi transformation, the uncertainty in the attacker will lead to an explosion of the action space.
- Complexity is exponential in the number of players (parties).
Open problems:
There are many open problems here: Bayesian comes from which attacker will have highest probability to attack. Comes from the uncertainty in the attacker type. Dependency complicates the action space. Dependencies complicate network behavior. Multi-scale: time, type of attacker, multiple party (attacker, defender, neutral, social links between players in different groups).
- Does this multi-scale modeling increase the efficacy of our security defense?
- How can we efficiently output the security policy from this model?
- What is the complexity of solving this game?
- Preliminary results show that the solving complexity of some classes can be reduced to polynomial time via a low-rank decomposition technique [Wang & Shroff Sigmetrics 2017]

7 Proactive and Dynamic Defense
Question 2: Proactive and Dynamic Defense
Recent proactive defense suggests constantly and proactively changing network configurations for security (e.g., a node keeps changing its route/path). How can we fully understand the benefits, costs, and/or usability behind making defense dynamic and proactive?
Bayesian comes from which attacker will have highest probability to attack. Comes from the uncertainty in the attacker type. Dependency complicates the action space. Dependencies complicate network behavior. Multi-scale: time, type of attacker, multiple party (attacker, defender, neutral, social links between players in different groups).

8 Proactive defense with game theory
- Proactively change the routing path (e.g., among each of the above config.)
- Alternate among four routing paths with some pre-defined probability.
- On a "shallow level": a good strategy to confuse the attacker.
- Deeper level: a stealthy attacker can observe and predict the strategy.
- Combine game theory + learning to develop a more reliable strategy
- A new framework against stealthy attackers: periodically update the strategy based on online learning [Zheng & Shroff, AAAI’17].
[Figure: four panels (Path A, Path B, Path C, Path D) showing four possible paths from source to destination.]
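The "shallow level" versus "deeper level" point on this slide can be measured with a short simulation. This is an added example, not part of the presentation: the probability vectors are constructed, and the observer model (always guess the path seen most often so far) is an assumption chosen for illustration.

```python
import random
from collections import Counter

PATHS = ["A", "B", "C", "D"]  # the four routing paths named on the slide

def simulate(probs, rounds=20000, seed=1):
    """Defender draws one path per round from a fixed, pre-defined distribution.
    A stealthy observer commits, before each round, to the path it has seen
    most often so far. Returns the fraction of rounds it guessed correctly."""
    rng = random.Random(seed)
    seen = Counter()
    hits = 0
    for _ in range(rounds):
        # Observer's guess uses only past observations (ties go to the first path).
        guess = max(PATHS, key=lambda p: seen[p])
        # Defender's choice is independent of the history.
        path = rng.choices(PATHS, weights=probs)[0]
        hits += (guess == path)
        seen[path] += 1
    return hits / rounds

def exposure(probs):
    """Long-run guess rate once the observer has learned the distribution:
    the largest single-path probability."""
    return max(probs) / sum(probs)

# Constructed distributions (assumptions, not values from the slides).
SKEWED = [0.55, 0.25, 0.15, 0.05]
UNIFORM = [0.25, 0.25, 0.25, 0.25]

if __name__ == "__main__":
    for name, probs in (("skewed", SKEWED), ("uniform", UNIFORM)):
        print(f"{name}: simulated {simulate(probs):.3f}, limit {exposure(probs):.2f}")
```

Any fixed distribution leaks its largest probability to a patient observer, so uniform randomization is the best a static strategy over four paths can do (0.25); improving on that requires the defender's strategy itself to change over time, which is what the slide's online-learning framework addresses.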

9 Challenges and Open problems
- Current results are limited to independent targets
  - We need to extend to the dependent targets in the network.
- Attacker behavior is highly dynamic and non-stationary.
  - Most online learning algorithms require stationary assumptions.
Open problems:
- How can we learn in non-stationary environments?
  - Preliminary work for change detection in non-stationary environments [Liu, Lee, and Shroff, AAAI’18]
- How do we characterize the dependency among targets in the network?
  - Use non-additive utility functions? [Wang and Shroff, Sigmetrics 2017]

10 Characterizing Dependencies: Non-additive utility functions
Toy example: security game on a network
- Targets: 1,2,3,4
- Strategies: {1}, {2}, {3}, {4}, {1,2}, {3,4}
- Utilities: network value function where is number of nodes in the ith connected component
- For example, the network value of the original network is
- After removing node 3, the network is one 18-node network and one isolated node, the network value is
A. Gueye and J. C. Walrand. Towards a metric for communication network vulnerability to attacks: A game theoretic approach. In Game Theory for Networks, pages 259–274. Springer, 2012.

11 Characterizing Dependencies: Non-additive utility functions
Why are non-additive utility functions important?
- The non-additive strategy is more reliable! Why? Synergy effect!
- The benefit of 1,2 >> benefit of 1 + benefit of 2
Additive vs non-additive
- The NE under the additive case is that the defender chooses strategy {1,2} with probability and strategy {3,4} with probability 0.66.
- The NE under the non-additive case is that the defender chooses strategy {1,2} with probability 0.63 and strategy {3,4} with probability 0.37.

12 Non-additive security game has many non-networking applications
- A security game is a two-player normal-form game between an attacker and a defender.
- Select a subset of targets to defend.
- Select a target to attack and avoid being trapped by the defender.
[Figure labels: Targets; Attacker (limited budget); Defender (resource allocation constraint)]
The classic security game model is a 2-player normal-form non-zero-sum game. One player is the attacker, the other player is the defender. There are n targets, each target indexed by 1,2,…,n. The defender is assumed to have limited resources… The goal is to determine the equilibrium strategy, such as a Nash equilibrium or Stackelberg equilibrium, to protect the critical infrastructure.
- Efficiently determine the equilibrium strategy (NE, SSE) to protect the critical infrastructure.

13 Federal Air Marshal Service (FAMS)
- Allocate limited number of Air Marshals to protect the flights.
- Defender pure strategy space: Only 100 flights and 10 air marshals yields 10^13 pure strategies.
- Real problem size: over flights per day. [2]
- Target: flights. Resource: air marshal.
[Figure labels: Resource; Schedules; Targets]
The first application is the IRIS system in the FAMS. The goal is to… In this problem,
[1] Tsai J, Rathi S, Kiekintveld C, et al. IRIS-A Tool for Strategic Security Allocation in Transportation Networks[J]. AAMAS 09.

14 Game theory & National security
Other applications

15 Non-additive Security Game Model
Complete pure strategy space:
- Attacker and defender’s pure strategy space is the power set of [n]:
Non-additive utility function:
- Benefit function:
- Attacker cost function:
- Defender cost function:
Mixed strategies
- It specifies the probabilities of playing each pure strategy
- Attacker and defender’s mixed strategy is a vector
- Bilinear form
Defender’s pure strategy is a feasible assignment of resources to targets

16 Challenges and main results
- Both the attacker’s and the defender’s pure strategy spaces are exponentially large
- Exponential number of utility functions
Some progress:
- Decomposition-based compact representation technique in the NASG.
- An oracle-based algorithm to efficiently compute the mixed strategies of NASG.
- The complexity of computing the mixed strategies of NASG. Some important cases are polynomial

17 Conclusion
- Traditional analytical tools are useful in designing networks in presence of attackers
  - Queueing, Information Theory, Control, Game Theory, …
- Full power can be harnessed by using the right combination of these tools (problem specific) and learning and luring (e.g., honeypots)
- Need to develop tractable models that can characterize network/agent dependencies, handle multi-scale dynamics, and account for intelligent/patient adversaries

18 Thank you

