SaTC: CORE: Small: Towards Robust Moving Target Defense: A Game Theoretic and Learning Approach

SaTC：核心：小型：迈向稳健的移动目标防御：博弈论和学习方法

基本信息

批准号：
1816495
负责人：
Zizhan Zheng
金额：
$ 24.42万
依托单位：
Tulane University
依托单位国家：
美国
项目类别：
Standard Grant
财政年份：
2018
资助国家：
美国
起止时间：
2018-08-15 至 2022-07-31
项目状态：
已结题

来源：
https://www.nsf.gov/awardsearch/showAward?AWD_ID=1816495&HistoricalAwards=false
关键词：
SaTC CORE Small Towards Robust

项目摘要

Malicious attacks are constantly evolving to inflict even more damage on the nation's infrastructure systems, corporate information technology (IT) systems, and our digital lives. A fundamental obstacle to achieving effective defense is information asymmetry, through which, under current static and passive defense schemes, the attacker has essentially limitless time to observe and learn about the defender, while the defender knows very little about the attacker. A promising approach to reverse information asymmetry is Moving Target Defense (MTD), whereby the defender dynamically updates system configurations to impede the attacker's learning process. Although MTD has been successfully applied in various domains, existing solutions typically assume an attacker with fixed capabilities and behavioral patterns that are known to the defender. The overarching goal of this project is to develop the foundations for the design and analysis of robust MTD mechanisms that can provide a guaranteed level of protection in the face of unknown and adaptive attacks. The proposed research contributes to the emerging field of the science of security via a cross-disciplinary approach that combines techniques from cybersecurity, game theory, and machine learning. The investigator will disseminate the research findings to industry to help impact real systems. Elements from this research are to be incorporated into new courses on cybersecurity at Tulane University. The project engages underrepresented students and K-12 students and provides rich research experience to undergraduate students.Developing robust MTD faces three major challenges induced by (1) the coupling of system dynamics and incentives; (2) the hidden behavior of stealthy attacks; (3) the necessity of coordinating multiple defenders in large systems. To tackle these challenges, the investigator will focus on three interrelated thrust areas. In the first thrust, a dynamic two-timescale MTD game that captures a variety of attack patterns and feedback structures is designed and techniques for handling games with large state spaces are investigated. In the second thrust, reinforcement learning-based MTD policies for thwarting unknown attacks are studied. The focus is on developing approximately optimal solutions with low complexity that can effectively exploit the delayed and noisy feedback during the game. In the third thrust, the MTD game and learning framework are extended to incorporate multiple attackers and defenders, and information sharing and mediation schemes for enabling coordinated MTD are investigated. The developed game models and defense strategies are validated via testbed implementations and trace-driven simulations. The research outcomes are expected to provide new insights and novel mechanisms that will significantly advance our understanding of how strategic thinking and learning can help achieve more adaptive cyber defense against advanced attacks.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

恶意攻击不断演变，对国家基础设施系统、企业信息技术 (IT) 系统和我们的数字生活造成更大的损害。实现有效防御的一个根本障碍是信息不对称，在目前的静态和被动防御方案下，攻击者基本上有无限的时间来观察和了解防御者，而防御者对攻击者的了解却很少。扭转信息不对称的一种有前途的方法是移动目标防御（MTD），防御者可以动态更新系统配置以阻止攻击者的学习过程。尽管 MTD 已成功应用于各个领域，但现有解决方案通常假设攻击者具有防御者已知的固定能力和行为模式。该项目的总体目标是为强大的 MTD 机制的设计和分析奠定基础，该机制可以在面对未知和自适应攻击时提供有保证的保护级别。拟议的研究通过结合网络安全、博弈论和机器学习技术的跨学科方法，为安全科学的新兴领域做出了贡献。研究人员将向业界传播研究结果，以帮助影响实际系统。这项研究的内容将被纳入杜兰大学网络安全新课程中。该项目吸引了代表性不足的学生和K-12学生，并为本科生提供了丰富的研究经验。开发强大的MTD面临着三个主要挑战：（1）系统动力学和激励的耦合；（二）隐秘攻击行为的隐蔽性； (3)大型系统中协调多个防御者的必要性。为了应对这些挑战，研究人员将重点关注三个相互关联的重点领域。在第一个推力中，设计了一种动态的两时间尺度 MTD 博弈，该博弈捕获了各种攻击模式和反馈结构，并研究了处理具有大状态空间的博弈的技术。第二个重点是研究基于强化学习的 MTD 策略来阻止未知攻击。重点是开发低复杂度的近似最优解决方案，可以有效地利用游戏过程中的延迟和噪声反馈。第三个重点是，MTD 博弈和学习框架被扩展为包含多个攻击者和防御者，并研究了用于实现协调 MTD 的信息共享和调解方案。开发的游戏模型和防御策略通过测试台实施和跟踪驱动的模拟进行验证。研究成果预计将提供新的见解和新颖的机制，从而显着增进我们对战略思维和学习如何帮助实现针对高级攻击的更具适应性的网络防御的理解。该奖项反映了 NSF 的法定使命，并通过评估被认为值得支持利用基金会的智力优势和更广泛的影响审查标准。