FlipNet: Modeling Covert and Persistent Attacks on Networked Resources
Sudip Saha, Anil Vullikanti and Mahantesh Halappanavar
Virginia Polytechnic Institute and State University, Virginia Polytechnic Institute and State University, Pacific Northwest National Lab

Persistent and zero-day attacks have increased considerably in the recent past in terms of scale and impact. Security experts can no longer rely only on known defenses and thereby protect their resources permanently. It is increasingly common now to observe attackers being able to repeatedly break systems exploiting new vulnerabilities and defenders hardening systems with new measures. To model this phenomenon of the repeated takeover of the computing resources by system administrators and malicious attackers, a novel game framework, FLIPIT, has been proposed by [1] for a system consisting of a single resource. In this paper we extend this and develop FLIPNET, which is a repeated game framework for a networked system of multiple resources. This game involves two players—a defender and an attacker. Each player’s objective is to maximize his gain (i.e., his control over the nodes in the network with stealthy moves), while minimizing the cost for making those moves. This leads to a novel and natural game formulation, with a very complex strategy space, that depends on the network structure. We show that finding the best response strategy for both the defender and attacker is NP-hard. In a key result in this study, we show that the attacker’s gain for an instance of the game has a type of diminishing marginal return property, which leads to a near-optimal algorithm for maximizing the attacker’s gain. We examine the impact of network structure on the strategy space using simulations.