Visible to the public Dynamic Defense Strategy against Stealth Malware Propagation in Cyber-Physical Systems

TitleDynamic Defense Strategy against Stealth Malware Propagation in Cyber-Physical Systems
Publication TypeConference Paper
Year of Publication2018
AuthorsXiao, Kaiming, Zhu, Cheng, Xie, Junjie, Zhou, Yun, Zhu, Xianqiang, Zhang, Weiming
Conference NameIEEE INFOCOM 2018 - IEEE Conference on Computer Communications
Date Publishedapr
Keywordsadvanced persistent threat attacks, APT attacks, Benders decomposition algorithm, bi-level integer programs, composability, Conferences, CPS, Cyber-physical systems, decision making, DSPTI, dynamic defense strategy, game theory, Games, integer programming, invasive software, Loss measurement, Malware, model predictive control strategy, multi-stage dynamic game, predictive control, Predictive Metrics, primary safety requirement, pubcrawl, real-time decision making, Resiliency, Safety, security, shortest-path tree interdiction Stackelberg game, specialized anti-malware program, SSPTI, static game, stealth malware propagation, Zero Day Attacks and Defense
AbstractStealth malware, a representative tool of advanced persistent threat (APT) attacks, in particular poses an increased threat to cyber-physical systems (CPS). Due to the use of stealthy and evasive techniques (e.g., zero-day exploits, obfuscation techniques), stealth malwares usually render conventional heavyweight countermeasures (e.g., exploits patching, specialized ant-malware program) inapplicable. Light-weight countermeasures (e.g., containment techniques), on the other hand, can help retard the spread of stealth malwares, but the ensuing side effects might violate the primary safety requirement of CPS. Hence, defenders need to find a balance between the gain and loss of deploying light-weight countermeasures. To address this challenge, we model the persistent anti-malware process as a shortest-path tree interdiction (SPTI) Stackelberg game, and safety requirements of CPS are introduced as constraints in the defender's decision model. Specifically, we first propose a static game (SSPTI), and then extend it to a multi-stage dynamic game (DSPTI) to meet the need of real-time decision making. Both games are modelled as bi-level integer programs, and proved to be NP-hard. We then develop a Benders decomposition algorithm to achieve the Stackelberg Equilibrium of SSPTI. Finally, we design a model predictive control strategy to solve DSPTI approximately by sequentially solving an approximation of SSPTI. The extensive simulation results demonstrate that the proposed dynamic defense strategy can achieve a balance between fail-secure ability and fail-safe ability while retarding the stealth malware propagation in CPS.
Citation Keyxiao_dynamic_2018