Title: Network Centrality Game for Cyber Deception against Network Epidemic Propagation
Date: Tuesday, December 3, 2024 – 3 pm
Place: thesis room (salle des thèses) at the Hannah Arendt campus.
Abstract:
The rise in data breaches and service disruptions increasingly threatens internal security, with potentially devastating consequences for individuals and organizations. As a result, users of information and communication technologies must adopt tools that are both effective and efficient in combating the spread of malware. The term “users” encompasses a wide range of actors, including individuals, businesses, governmental and non-governmental organizations, and states, in short anyone who communicates through modern technologies. Among the most pressing threats they face are lateral movement and widespread epidemic propagation through the covert recruitment of unsuspecting users into botnets, the cyber-terrorist armies capable of inflicting significant damage, such as crippling businesses whose services are used by the same users. In these scenarios, as in many others, users, deceived by skilled experts known as attackers, unknowingly contribute to cyberattacks, with deception serving as the primary attack vector. Cybercriminals, unlike defenders, frequently violate privacy rules, allowing them to be better informed, sometimes unilaterally, about the level of compromise of each user.
In their efforts to control multiple devices, attackers inject malicious code from infected devices into vulnerable neighboring ones, triggering a conflict with network administrators, known as defenders, who seek to mitigate the attackers’ influence. The attacker and the defender, both intelligent and rational agents, engage in a dynamic competition, each seeking optimal strategies within the network. Game theory models have been widely employed to address the control of such epidemic propagation problems, with stochastic games (SGs) emerging as particularly well suited due to two key factors: (1) their focus on the overall outcome, or utility, rather than rewards from individual stages of the game, and (2) their acknowledgment of the players’ inability to fully control the system’s evolution, reflecting users’ inherent naivety. When we factor in the asymmetry of information, where only the attackers are aware of the network state, the problem becomes a partially observable stochastic game (POSG). Furthermore, user naivety allows attackers to exploit them, thereby complicating the defender’s task. One approach to counteract attackers is to set up ambushes, subtle traps designed to prevent malicious actions. Considering all these factors, some authors have proposed a value iteration algorithm to solve this POSG. While the proposed algorithm converges to the optimal solution, it does not scale to large networks or graphs.
To address this curse of dimensionality, we propose a Bayesian game framework that incorporates network topology by leveraging centrality measures to evaluate node influence within the graph. Our approach demonstrates that the optimal strategy for each player at any given time is to target the network’s most influential nodes. Furthermore, we show that defenders, rather than continuously updating their beliefs about the network’s state, can adopt a condensed belief representation for each node without altering their optimal strategy. This allows the defender to manage a vector of size n (for a network with n nodes) rather than the exponentially larger 2^n. Additionally, we explore several dimensions of this model, including scenarios where agents act with identical or distinct centrality measures and cases where actions are either costless or carry costs proportional to the centrality of the affected nodes. Recognizing that existing centrality measures are designed primarily for large-scale epidemic propagation, we propose a new centrality measure specifically tailored to address the lateral movement problem studied in our work.
Jury:
Quanyan ZHU, Ass. Professor, New York University, Reporter
Tomáš KROUPA, Ass. Professor, Czech Technical University in Prague, Reporter
Abderrahim BENSLIMANE, Professor, LIA, Avignon University, Examiner
Jean-Pierre LIENOU, Ass. Professor, IUT-FV, University of Dschang, Examiner
Alexandre REIFFERS-MASSON, Ass. Professor, IMT Atlantique, Examiner
Yezekael HAYEL, Professor, LIA, Avignon University, Thesis director
Gabriel DEUGOUE, Professor, URMA, University of Dschang, Thesis co-Supervisor
Charles KAMHOUA, Senior Electronics Engin., Devcom Research Lab., Thesis co-Supervisor