
Adversarial Knapsack and Secondary Effects of Common Information for Cyber Operations

Jon Goohs, Georgel Savin, Lucas Starks, Josiah Dykstra, William Casey

TL;DR

This work formalizes a dynamical network control game for CTF competitions, details the static game for each time step, and predicts that metrics such as the Common Vulnerability Scoring System (CVSS) may intensify the secondary reasoning in cyber operations.

Abstract

Variations of the Flip-It game have been applied to model network cyber operations. While Flip-It can accurately express uncertainty and loss of control, it imposes no essential resource constraints for operations. Capture the flag (CTF) style competitive games, such as Flip-It, entail uncertainties and loss of control, but also impose realistic constraints on resource use. As such, they bear a closer resemblance to actual cyber operations. We formalize a dynamical network control game for CTF competitions and detail the static game for each time step. The static game can be reformulated as instances of a novel optimization problem called Adversarial Knapsack (AK) or Dueling Knapsack (DK) when there are only two players. We define the Adversarial Knapsack optimization problems as a system of interacting Weighted Knapsack problems, and illustrate its applications to general scenarios involving multiple agents with conflicting optimization goals, e.g., cyber operations and CTF games in particular. Common awareness of the scenario, rewards, and costs will set the stage for a non-cooperative game. Critically, rational players may second guess that their AK solution -- with a better response and higher reward -- is possible if opponents predictably play their AK optimal solutions. Thus, secondary reasoning, such as belief modeling of opponents' play, can be anticipated for rational players and will introduce a type of non-stability where players maneuver for slight reward differentials. To analyze this, we provide the best-response algorithms and simulation software to consider how rational agents may heuristically search for maneuvers. We further summarize insights offered by the game model by predicting that metrics such as the Common Vulnerability Scoring System (CVSS) may intensify the secondary reasoning in cyber operations.

Paper Structure (27 sections, 21 equations, 4 figures, 2 tables, 4 algorithms)

This paper contains 27 sections, 21 equations, 4 figures, 2 tables, 4 algorithms.

Figures (4)

  • Figure 1: Attack and Defense Asymmetries: In cyberspace, attackers have the advantage that they only need to exploit one vulnerability, while defenders must protect all vulnerabilities to remain secure. (a) Networks are comprised of nodes. A node, owned by the defender, is a heterogeneous mix of software components; each component is visible to all players. Components relate to fields in a Colonel Blotto game; however, they differ as well, as the attacker only needs one unpatched vulnerability to flip control of a node. (b) The defender allocates defense resources to mitigate vulnerabilities by patching a component, thereby removing an attacker's exploitation possibility when attacked. Note that only the defender knows the true patch state of each component.
  • Figure 2: Bounding the secondary effects and how agents may utilize common knowledge in fictitious play. We generated networks with 100 machines and 70 vulnerabilities, and calculated the fictitious play sequence starting from random strategies. Generally, as in the image above, we observe that fictitious play cycles within a few steps. In (a) we illustrate an example strategy sequence cycling; each node represents a distinct tuple of strategies identified by binary variable selection for $2^{N+1}$ variables. In (b) we collect and visualize the payoff outcomes of all $\binom{7}{2}$ pairs of strategies discovered in part (a). The associated zero-sum payoff matrix can provide both players a means to estimate game value.
  • Figure 3: Strategic Stabilization at Maximin: Zero-sum games always have a mixed-strategy equilibrium, but may also have pure equilibria when maximin and minimax are equal. In this example, where analysis is restricted to strategies discovered with fictitious play, the attacker has a maximin strategy to guarantee a gain of $40$ nodes (or more), and the defender can guarantee a loss of no more than 43. These values bound the game value and can be used to evaluate and optimize network designs for cyber security. These values represent a relative difference of less than 7.5% of game value.
  • Figure 4: Encoding the networks into the game model can be automated. In (a) a random initial game state is provided, enumerating machines and vulnerabilities along with associated hazard and costs for exploit/patch; in (b) we observe the effects of player actions: '+' indicates flipped control states, '($x$)' indicates patch actions on $x$, '[$y$]' indicates exploit action attempts on $y$. Notice that game states are updated to enable simulation and evaluation of multi-step strategies.
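
The cycling and the maximin/minimax bounds described in the abstract and in Figures 2 and 3, as an added Python example that is not the paper's simulation software. Assumptions: the vulnerabilities, costs, budgets and machine layout are a constructed toy instance, the payoff is the count of flipped nodes, and alternating exhaustive pure best responses stand in for the paper's fictitious play and best-response algorithms.

```python
from itertools import combinations

# Constructed toy instance (not from the paper): vuln -> (exploit cost, patch cost)
VULNS = {"v0": (3, 2), "v1": (2, 2), "v2": (2, 3), "v3": (1, 1)}
# Constructed network: machine -> vulnerable components it runs
MACHINES = {"m0": {"v0"}, "m1": {"v0"}, "m2": {"v0", "v1"}, "m3": {"v1"},
            "m4": {"v2"}, "m5": {"v2", "v3"}, "m6": {"v3"}}
BUDGET = {"attacker": 4, "defender": 4}
COST_INDEX = {"attacker": 0, "defender": 1}

def cost(role, chosen):
    return sum(VULNS[v][COST_INDEX[role]] for v in chosen)

def feasible(role):
    """Every budget-feasible subset of vulnerabilities: the knapsack constraint."""
    names = sorted(VULNS)
    subsets = (frozenset(c) for r in range(len(names) + 1)
               for c in combinations(names, r))
    return [s for s in subsets if cost(role, s) <= BUDGET[role]]

def flipped(exploited, patched):
    """Nodes the attacker flips: one unpatched exploited vulnerability suffices."""
    live = exploited - patched
    return sum(1 for vulns in MACHINES.values() if vulns & live)

def best_response(role, opponent):
    """Exhaustive best response; ties go to the cheaper, then lexicographically first set."""
    def key(s):
        score = flipped(s, opponent) if role == "attacker" else -flipped(opponent, s)
        return (-score, cost(role, s), sorted(s))
    return min(feasible(role), key=key)

def play(patched=frozenset(), max_rounds=20):
    """Alternate pure best responses until a strategy profile repeats; return the cycle."""
    seen = []
    for _ in range(max_rounds):
        exploited = best_response("attacker", patched)
        patched = best_response("defender", exploited)
        if (exploited, patched) in seen:
            return seen[seen.index((exploited, patched)):]
        seen.append((exploited, patched))
    return seen

def bounds(cycle):
    """Pure maximin (attacker) and minimax (defender) over the discovered strategies."""
    attacks, defenses = {a for a, _ in cycle}, {d for _, d in cycle}
    maximin = max(min(flipped(a, d) for d in defenses) for a in attacks)
    minimax = min(max(flipped(a, d) for a in attacks) for d in defenses)
    return maximin, minimax
```

On this instance `play()` settles into a two-profile cycle and `bounds()` brackets the game value between 2 and 4 flipped nodes, a small-scale analogue of the 40 and 43 bounds in Figure 3.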