Modeling and Security Analysis of Enterprise Network
Using Attack-defense Stochastic Game
Petri Nets
Presenter: Jen-Hua Chi
Advisor: Frank, Yeong-Sung Lin

Agenda
Part I Introduction (Game Theory, Petri Net)
Part II Model
Part III Enterprise Network
Part IV Analysis and Conclusion

Introduction
Journal: Security and Communication Networks
Security Comm. Networks 2013
Impact Factor: 0.414
Author: Yuanzhuo Wang (王卓元)

Introduction
Enterprise network
- firewall, VPN, IDS/IPS, antivirus software, content monitoring
- prevent or counteract attacks more effectively

Introduction - ADSGN
- Stochastic Game Net
- Stochastic Petri Net
- ADSGN

Introduction - SGN
Game Theory: Nash Equilibrium (NE)
Limitations:
1. existing methods do not have enough modeling ability to describe interaction relations
2. with existing modeling methods it is nearly impossible to model the dynamic behaviors because of the complexity of state transitions
3. the full state space can be extremely large

Introduction - SGN
Stochastic Game Nets:
- use of the NE as part of the transition probabilities in SGN models
- build player models => combine
- backwards: attack and defense actions that are interrelated with one another

Introduction - Stochastic Petri Net
- Mathematical modeling language
- directed bipartite graph
- nodes: transitions and places
- transitions: events that may occur
- places: conditions
- The directed arcs describe which places are pre- and/or postconditions for which transitions.

Introduction - Stochastic Petri Net
- P is a set of states, called places. P = {P1, P2, P3, P4}
- T is a set of transitions. T = {T1, T2}
- M represents the number of tokens. m0 = {1, 0, 2, 1}
- Transition firing rates

Introduction - ADSGN
According to the characteristics of the network attack and defense actions
suitable to investigate the complex and dynamic game-related issues in network attack

Agenda
Part I Introduction
Part II Model
Part III Enterprise Network
Part IV Analysis and Conclusion

Definition - Stochastic Game Nets
Nine-tuple vector SGN:
is the action set of player k

Definition1 - Stochastic Game Nets
Nine-tuple vector SGN:

Definition - Stochastic Game Nets
Each token s is assigned a reward vector h(s) = (h1(s), h2(s), ..., hn(s)), where hk(s) is the reward of player k in token s
Transition firing rates: consists of removing tokens from a subset of places and adding them to another subset

Definition - Stochastic Game Nets
a strategy for player k is described as a vector

Definition2 - Stochastic Game Nets
An n-player game
Player k's utility is defined as:
(p denotes the initial state of player k)

Definition3 - Stochastic Game Nets
NE is a vector
such that

Definition3 - ADSGN
Players: n => 2 (administrator, attacker)
Each player has exactly one optimal strategy, and that strategy yields a lower utility for the other player
there exist some transitions ti such that ti is no action

Theorem 1 - ADSGN
For an ADSGN, if the two sets P and T contain finite elements, then there exists an NE under the setting of mixed strategies.
P: places describe the states of the system

Modeling and analysis
Reward values R
represent the reward gained by the player when an action is completed

Construction
First:
Players model => combine the models
combining the places p that denote the same meanings in SGN models of different players:
- case1
- case2

Construction – case1
Inhibition type

Construction – case2
Termination type

Utilities of players
each player's objective is to maximize the expected return
k = 1, 2
is the initial place of strategy
is the discount index of place

Utilities of players
player k chooses an action using the probability distribution at place
In order to determine the optimal defense strategy, we must find the NE

Calculation of the Nash Equilibrium
Continuous ACO (CACO)
For each place pi, the behavior is modeled as a matrix game Gi
action sets of the attacker
action sets of the administrator
if an attack action is chosen in place pi and the intrusion is successful and undetected, the system may transfer to another place pj, where the game can continue

Calculation of the Nash equilibrium
U(pi) denotes the expected utility at place pi

Calculation of the Nash equilibrium
objective function
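
The per-place matrix game Gi and the expected utility U(pi) from the slides above, as an added example that is not code from the presentation or the paper. It assumes a zero-sum game with two actions per player at each place, uses constructed rewards, transition probabilities and discount value, and replaces the CACO search named on the slides with Shapley value iteration plus the closed-form solution of a 2x2 matrix game.

```python
BETA = 0.9  # discount index (constructed value)

# Constructed game, not the paper's numbers.
# GAME[place][i][j] = (attacker reward, {next place: probability})
# row i: attacker plays (attack action, a7 empty)
# col j: administrator plays (d1 IDSscan, d6 empty)
# Zero-sum assumption: the administrator's reward is the negative.
GAME = {
    "p1": [[(-1.0, {"p1": 1.0}), (2.0, {"p2": 0.8, "p1": 0.2})],
           [(0.5, {"p1": 1.0}), (0.0, {"p1": 1.0})]],
    "p2": [[(-1.0, {"p1": 1.0}), (3.0, {"p3": 0.6, "p2": 0.4})],
           [(0.5, {"p2": 1.0}), (0.0, {"p2": 1.0})]],
    "p3": [[(-2.0, {"p1": 1.0}), (4.0, {"p3": 1.0})],
           [(0.5, {"p3": 1.0}), (0.0, {"p3": 1.0})]],
}


def solve_2x2(m):
    """Return (value, x, y) for a zero-sum 2x2 game; the row player maximises.

    x is the probability of row 0, y the probability of column 0 at the NE.
    """
    (a, b), (c, d) = m
    maximin = max(min(a, b), min(c, d))
    minimax = min(max(a, c), max(b, d))
    if maximin >= minimax - 1e-12:          # pure-strategy saddle point
        x = 1.0 if min(a, b) >= min(c, d) else 0.0
        y = 1.0 if max(a, c) <= max(b, d) else 0.0
        return maximin, x, y
    denom = a - b - c + d                   # non-zero when there is no saddle point
    return (a * d - b * c) / denom, (d - c) / denom, (d - b) / denom


def backup(u):
    """One backup: solve the matrix game G_i at every place p_i given utilities u."""
    out = {}
    for place, cells in GAME.items():
        # Each entry is the immediate reward plus the discounted utility of
        # the places the system may transfer to.
        m = [[r + BETA * sum(p * u[q] for q, p in nxt.items()) for r, nxt in row]
             for row in cells]
        out[place] = solve_2x2(m)
    return out


def value_iteration(tol=1e-9):
    """Iterate backups until U(p_i) stops changing; returns {place: (U, x, y)}."""
    u = {p: 0.0 for p in GAME}
    while True:
        sol = backup(u)
        new_u = {p: v for p, (v, _, _) in sol.items()}
        if max(abs(new_u[p] - u[p]) for p in GAME) < tol:
            return sol
        u = new_u


if __name__ == "__main__":
    for place, (v, x, y) in value_iteration().items():
        print(f"{place}: U={v:.3f}  P(attack)={x:.2f}  P(IDSscan)={y:.2f}")
```

The administrator's equilibrium probability of scanning at each place is the defense strategy; the attacker's equilibrium probabilities are what the model then uses as transition probabilities.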

Evaluation and analysis
divide the place set into four parts, namely
MTFSB: mean time to first security breach
MTTSB: mean time to security breach

Agenda
Part I Introduction
Part II Model
Part III Enterprise Network
Part IV Analysis and Conclusion

Enterprise network
security process control structure

security process control structure
(1) Scan the weak ports (attacker)
(2) IDS detects the attack (administrator)
(3) Administrator server orders the firewall and trap node (administrator)
(4) The attacker enters the trap node (attacker)
(5) The trap node returns the false information to the attacker (administrator)
(6) obtain the evidence of the attacker (administrator)

security process control structure
(7) cracks a common user's user name and password (attacker)
(8) The attacker gets root permission by handling the database (attacker)
(9) The attacker installs the sniffer (attacker)
(10) The administrator server orders the firewall and antivirus server to blockade the IP of the attacker and remove the sniffer (administrator)

security process control structure
we have two action sets

security process control structure
ADSGN model is based on the following three assumptions:
(1) the administrator does not know whether there is an attacker or not
(2) the attacker may have several objectives and strategies that the defender does not know
(3) not all of the attacker's actions can be observed by the defender

ADSGN Model of Enterprise Network
There are six places in this model
{p(normal), p(web server with vulnerability), p(get general permission), p(get root permission), p(sniffer installing), p(information stolen)} = {p1, p2, p3, p4, p5, p6}

ADSGN Model of Enterprise Network
p2: web server with vulnerability
p3: get general permission
a1: Scanvulnerability ; a2: CrackPassword
a3: Attackdatabase ; a7: empty
d1: IDSscan ; d2: Cheatattacker ; d3: Getevidence
d6: empty

ADSGN Model of Enterprise Network
p4: get root permission
p5: sniffer installing
a4: Enhance permission ; a5: Installsniffer
a7: empty
d1: IDSscan ; d4: Blockade IP
d5: Removesniffer ; d6: empty

ADSGN Model of Enterprise Network
p6: information stolen
a6: Installsniffer ; a7: empty
d1: IDSscan ; d4: BlockadeIP
d5: Remove sniffer ; d6: empty

Model - attacker

Model - administrator

Model - combine

Agenda
Part I Introduction
Part II Model
Part III Enterprise Network
Part IV Analysis and Conclusion (MTTSB, MTTFB, attack rate)

Experimental Security Analysis

Conclusion
- Inherit the advantages of Petri nets and SGN
- investigate key factors of the attack and defense models, trying to find the inherent rules and patterns

Thanks for your attention