SaTC: CORE: Small: Towards Robust Moving Target Defense: A Game Theoretic and Learning Approach

SaTC：核心：小型：迈向稳健的移动目标防御：博弈论和学习方法

• 批准号: 1816495
• 负责人: Zizhan Zheng
• 金额: $ 24.42万
• 依托单位: Tulane University
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2018
• 资助国家: 美国
• 起止时间: 2018-08-15 至 2022-07-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1816495&HistoricalAwards=false
• 关键词: SaTC; CORE; Small; Towards; Robust; SaTC; CORE; Small; Towards; Robust

Malicious attacks are constantly evolving to inflict even more damage on the nation's infrastructure systems, corporate information technology (IT) systems, and our digital lives. A fundamental obstacle to achieving effective defense is information asymmetry, through which, under current static and passive defense schemes, the attacker has essentially limitless time to observe and learn about the defender, while the defender knows very little about the attacker. A promising approach to reverse information asymmetry is Moving Target Defense (MTD), whereby the defender dynamically updates system configurations to impede the attacker's learning process. Although MTD has been successfully applied in various domains, existing solutions typically assume an attacker with fixed capabilities and behavioral patterns that are known to the defender. The overarching goal of this project is to develop the foundations for the design and analysis of robust MTD mechanisms that can provide a guaranteed level of protection in the face of unknown and adaptive attacks. The proposed research contributes to the emerging field of the science of security via a cross-disciplinary approach that combines techniques from cybersecurity, game theory, and machine learning. The investigator will disseminate the research findings to industry to help impact real systems. Elements from this research are to be incorporated into new courses on cybersecurity at Tulane University. The project engages underrepresented students and K-12 students and provides rich research experience to undergraduate students.Developing robust MTD faces three major challenges induced by (1) the coupling of system dynamics and incentives; (2) the hidden behavior of stealthy attacks; (3) the necessity of coordinating multiple defenders in large systems. To tackle these challenges, the investigator will focus on three interrelated thrust areas. In the first thrust, a dynamic two-timescale MTD game that captures a variety of attack patterns and feedback structures is designed and techniques for handling games with large state spaces are investigated. In the second thrust, reinforcement learning-based MTD policies for thwarting unknown attacks are studied. The focus is on developing approximately optimal solutions with low complexity that can effectively exploit the delayed and noisy feedback during the game. In the third thrust, the MTD game and learning framework are extended to incorporate multiple attackers and defenders, and information sharing and mediation schemes for enabling coordinated MTD are investigated. The developed game models and defense strategies are validated via testbed implementations and trace-driven simulations. The research outcomes are expected to provide new insights and novel mechanisms that will significantly advance our understanding of how strategic thinking and learning can help achieve more adaptive cyber defense against advanced attacks.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

恶意攻击不断地不断发展，对国家的基础设施系统，公司信息技术（IT）系统和我们的数字生活造成更大的破坏。实现有效防御的根本障碍是信息不对称性，在当前的静态和被动防御计划下，攻击者基本上有无限的时间来观察和了解防守者，而后卫对攻击者的了解很少。反向信息不对称的一种有前途的方法是移动目标防御（MTD），后卫动态更新系统配置以阻止攻击者的学习过程。尽管MTD已成功地应用于各个域中，但现有解决方案通常假设具有固定功能和行为模式的攻击者已知。该项目的总体目标是为强大的MTD机制设计和分析开发基础，这些机制可以在面对未知和适应性攻击的情况下提供保证的保护水平。拟议的研究通过跨学科的方法为新兴的安全科学领域做出了贡献，该方法结合了网络安全，游戏理论和机器学习的技术。研究人员将向行业传播研究结果，以帮助影响实际系统。这项研究的元素将纳入杜兰大学的网络安全课程中。该项目吸引了代表性不足的学生和K-12学生，并为本科生提供丰富的研究经验。建立强大的MTD面临着（1）系统动态和激励措施的耦合所引起的三个主要挑战； （2）隐秘攻击的隐藏行为； （3）在大型系统中协调多个防御者的必要性。为了应对这些挑战，调查人员将专注于三个相互关联的推力区域。在第一个推力中，设计了一种动态的两次尺度MTD游戏，该游戏捕获了各种攻击模式和反馈结构，并研究了处理具有较大状态空间的游戏的技术。在第二个推力中，研究了基于加强学习的MTD政策，以挫败未知攻击。重点是开发具有低复杂性的大约最佳解决方案，可以有效利用游​​戏过程中延迟和嘈杂的反馈。在第三个推力中，MTD游戏和学习框架扩展了以结合多个攻击者和防御者，并研究了启用协调MTD的信息共享和调解方案。开发的游戏模型和防御策略通过测试台实现和痕量驱动模拟验证。预计研究结果将提供新的见解和新颖的机制，从而大大提高我们对战略思维和学习如何有助于实现对先进攻击的更适应性的网络防御的理解。该奖项反映了NSF的法定任务，并被认为是值得通过基金会的知识分子优点和更广泛的影响来通过评估来支持的。