The security in networked systems depends greatly on recognizing and identifying adversarial behaviors. Traditional detection methods focus on specific categories of attacks and have become inadequate for increasingly stealthy and deceptive attacks that are designed to bypass detection strategically. This work aims to develop a holistic theory to countermeasure such evasive attacks. We focus on extending a fundamental class of statistical-based detection methods based on Neyman-Pearson's (NP) hypothesis testing formulation. We propose game-theoretic frameworks to capture the conflicting relationship between a strategic evasive attacker and an evasion-aware NP detector. By analyzing both the equilibrium behaviors of the attacker and the NP detector, we characterize their performance using Equilibrium Receiver-Operational-Characteristic (EROC) curves. We show that the evasion-aware NP detectors outperform the passive ones in the way that the former can act strategically against the attacker's behavior and adaptively modify their decision rules based on the received messages. In addition, we extend our framework to a sequential setting where the user sends out identically distributed messages. We corroborate the analytical results with a case study of anomaly detection.
翻译:网络化系统的安全在很大程度上取决于识别和识别对抗行为。传统的检测方法侧重于特定攻击类别,已经不足以应对越来越隐蔽和欺骗性的攻击,这些攻击旨在从战略上绕过探测。这项工作旨在开发一种综合理论来对付这种逃避式攻击。我们侧重于扩大基于Neyman-Pearson(NP)假设测试的基于统计的检测方法的基本类别。我们提出了游戏理论框架,以捕捉战略规避攻击者与逃避意识NP探测器之间的矛盾关系。我们通过分析攻击者和NP探测器的平衡行为,我们用Equiliblium 收件人-操作-操作-Characteristic(EROC)曲线来描述其表现。我们通过分析结果,我们通过分析结果,通过分析结果,我们通过分析结果,通过分析结果可以从战略角度对攻击者的行为采取行动,并根据收到的信息,适应性地修改其决定规则。此外,我们将框架扩大到一个顺序设置用户发送相同分布式的检测信息。我们用分析结果来证实异常现象。