This study addresses the question of whether model knowledge can prevent a defender from being deceived in cyber security. As a specific model-based defense scheme, it considers a Bayesian defense mechanism, which monitors the system's behavior, forms a belief on the existence of an attacker, and chooses appropriate reactions. A sophisticated attacker aims to achieve her objective while avoiding detection by deceiving the defender. In this paper, their dynamic decision making is formulated as a stochastic signaling game. Based on martingale analysis, it is revealed that, at an equilibrium, the belief on the true scenario has a limit in a stochastic sense. This fact implies that there are only two possible cases: the defender asymptotically detects the attack with a firm belief, or the attacker takes actions such that the system's behavior becomes nominal after a certain finite time step. Consequently, if the dynamics admits no stealthy attacks, the system is guaranteed to be secure in an asymptotic manner, provided that effective countermeasures are implemented. The result shows that model knowledge can prevent deception in an asymptotic sense. As an application of the finding, a defensive deception utilizing asymmetric recognition of the vulnerabilities exploited by the attacker is analyzed. It is shown that the attacker possibly stops the attack even if the defender is unaware of the vulnerabilities, as long as the defender's unawareness is concealed by the defensive deception. These results indicate the powerful defense capability achieved by model knowledge.
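The two limiting cases described above can be seen in a small simulation of the defender's belief update. This is an added example, not code from the paper: the scalar Gaussian output model, the constant-bias attack, the function names and all parameter values are assumptions, and the defender's reactions are not modeled.

```python
import math
import random

def likelihood(y, mean, sigma=1.0):
    """Gaussian density of output y for a given mean (assumed sensor model)."""
    z = (y - mean) / sigma
    return math.exp(-0.5 * z * z) / (sigma * math.sqrt(2.0 * math.pi))

def belief_trajectory(stop_step, steps=400, bias=1.0, prior=0.1, seed=7):
    """Defender's belief that an attacker is present, after each observation.

    Assumptions (constructed): the attacker is present and shifts the output
    mean by `bias` for the first `stop_step` steps, then behaves nominally.
    The defender knows this strategy, as at an equilibrium, but not whether
    the attacker exists.
    """
    rng = random.Random(seed)          # fixed seed: reproducible sample path
    belief, history = prior, [prior]
    for k in range(steps):
        attack_mean = bias if k < stop_step else 0.0
        y = rng.gauss(attack_mean, 1.0)            # output of attacked system
        # Likelihood ratio: attack hypothesis vs. nominal hypothesis.
        ratio = likelihood(y, attack_mean) / likelihood(y, 0.0)
        belief = belief * ratio / (belief * ratio + (1.0 - belief))  # Bayes
        history.append(belief)
    return history

if __name__ == "__main__":
    persistent = belief_trajectory(stop_step=400)  # attack never stops
    retreat = belief_trajectory(stop_step=5)       # nominal after step 5
    print("persistent attack, final belief:", persistent[-1])
    print("attacker retreats, belief at step 5:", retreat[5])
    print("attacker retreats, final belief:   ", retreat[-1])
```

With a persistent attack the belief converges to 1; once the attacker's behavior becomes nominal the likelihood ratio is 1 and the belief stops moving, so the defender neither confirms nor rules out the attack.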