The increasing prevalence of security attacks on software-intensive systems calls for new, effective methods for detecting and responding to these attacks. As one promising approach, game theory provides analytical tools for modeling the interaction between the system and the adversarial environment and for designing reliable defenses. In this paper, we propose an approach for securing software-intensive systems using a rigorous game-theoretical framework. First, a self-adaptation framework is deployed on a component-based software-intensive system, which periodically monitors the system for anomalous behaviors. A learning-based method is proposed to detect possible ongoing attacks on the system components and predict potential threats to components. Then, an algorithm is designed to automatically build a Bayesian game based on the system architecture (of which some components might have been compromised) once an attack is detected, in which the system components are modeled as independent players in the game. Finally, an optimal defensive policy is computed by solving the Bayesian game to achieve the best system utility, which amounts to minimizing the impact of the attack. We conduct two sets of experiments on two general benchmark tasks for the security domain. Moreover, we systematically present a case study on a real-world water treatment testbed, i.e., the Secure Water Treatment System. Experimental results show the applicability and the effectiveness of our approach.