APPLICATION OF GAME THEORY FOR ACTIVE CYBER DEFENSE AGAINST ADVANCED PERSISTENT THREATS

Loading...
Thumbnail Image
Authors
Benn, Andrew S.
Benn, Stephanie M.
Subjects
advanced persistent threats
game theory
active cyber defense
cyber deception
moving-target defense
reinforcement learning
machine learning
Advisors
Rowe, Neil C.
Huntley, Wade L.
Date of Issue
2023-09
Date
Publisher
Monterey, CA; Naval Postgraduate School
Language
Abstract
Advanced persistent threats (APTs) are determined, adaptive, and stealthy threat actors in cyber space. They are often hosted in, or sponsored by, adversary nation-states. As such, they are challenging opponents for both the U.S. military and the cyber-defense industry. Current defenses against APTs are largely reactive. This thesis used machine learning and game theory to test simulations of proactive defenses against APTs. We first applied machine learning to two benchmark APT datasets to classify APT network traffic by attack phase. This data was then used in a game model with reinforcement learning to learn the best tactics for both the APT attacker and the defender. The game model included security and resource levels, necessary conditions on actions, results of actions, success probabilities, and realistic costs and benefits for actions. The game model was run thousands of times with semi-random choices with reinforcement learning through a program created by NPS Professor Neil Rowe. Results showed that our methods could model active cyber defense strategies for defenders against both historical and hypothetical APT campaigns. Our game model is an extensible planning tool to recommend actions for defenders for active cyber defense planning against APTs.
Type
Thesis
Description
Series/Report No
Department
Computer Science (CS)
Computer Science (CS)
Organization
Identifiers
NPS Report Number
Sponsors
DISA, Arlington, VA, 22204
Funder
Format
Citation
Distribution Statement
Approved for public release. Distribution is unlimited.
Rights
This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.
Collections