
Jóźwiak I., Laskowski W. Modelling security of information systems using stochastic games.


Academic year: 2021


MODELING SECURITY OF INFORMATION SYSTEMS USING STOCHASTIC GAMES

Jóźwiak I., Laskowski W.

Instytut Informatyki Stosowanej, Politechnika Wrocławska, ul. Wybrzeże Wyspiańskiego 27, 50-370 Wrocław, Poland

Abstract: The paper briefly presents a game-theoretic approach to the analysis of IT security. This approach uses a model of an n-person stochastic game. The authors present chosen elements of the formal model and point out the most important problems. The practical aspects of such an approach are discussed.

1. Introduction and related work

Modeling the security of information systems with a game-theoretic approach is known from several significant publications, e.g. [1, 2, 3, 12, 15]. A wide spectrum of aspects has been considered using game theory models, from two-person zero-sum [9] (or non-zero-sum [6]) games to modeling intrusion detection systems [2, 3, 12] and the information warfare phenomenon [6, 7, 8]. Some of the most promising and interesting results are presented in [14], which presents a stochastic game model for analyzing the strategies of attackers and defenders of network systems.

The work presented in this paper is inspired by the results presented in [14]. We use this approach, but in a different context: we propose using an n-person stochastic game with coalitions in the security context. As a starting point we use a simple model of the security of information systems, viewed as a cyclic structure consisting of three stages: protecting (P), detecting (D) and reacting (R) against security incidents (the so-called P-D-R security model). In this context, security is a process in which the results and conclusions from one stage are used in another [13].

2. Game theoretical approach

The process of ensuring security can be modeled using a stochastic game model [11, 16]. A stochastic game consists of a finite set of positions (or states) $S = \{1, 2, \ldots, N\}$, one of which is the starting position (state). Let us denote by $G(k)$ the game in which $k$ is the starting state.

Associated with each state $k$ is a matrix game $A(k) = (a_{ij}(k))$. If the game is in state $k$, the players simultaneously choose a row $i$ and a column $j$. As a result, two things happen: first, Player I wins $a_{ij}(k)$ from Player II; second, with a probability that depends on $i$, $j$ and $k$, the game stops or goes to another state (possibly the same state).
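The two-player game described above can be solved numerically with Shapley's value iteration, which repeatedly solves the matrix game in each state with the continuation values folded into the payoffs. The Python code below is an added example, not code from the paper; it is restricted to 2x2 matrix games per state, and the function names, payoffs and transition probabilities are constructed for illustration.

```python
# Added example: Shapley value iteration for a zero-sum stochastic game with
# 2x2 matrix games A(k). All payoffs and probabilities are constructed.

def matrix_game_value(m):
    """Value of a 2x2 zero-sum matrix game; the row player (Player I) maximises."""
    (a, b), (c, d) = m
    maximin = max(min(a, b), min(c, d))
    minimax = min(max(a, c), max(b, d))
    if maximin >= minimax:                      # saddle point in pure strategies
        return maximin
    return (a * d - b * c) / (a + d - b - c)    # both players mix

def bellman_step(A, P, v):
    """One update v(k) <- val[ a_ij(k) + sum_l P[k][i][j][l] * v(l) ]."""
    states = range(len(A))
    return [matrix_game_value(
                [[A[k][i][j] + sum(P[k][i][j][l] * v[l] for l in states)
                  for j in range(2)] for i in range(2)])
            for k in states]

def shapley_values(A, P, tol=1e-10, max_iter=10_000):
    """Iterate bellman_step to its fixed point: the value of G(k) for each start k.

    A[k][i][j]    : amount Player I wins from Player II in state k
    P[k][i][j][l] : probability of moving from k to l; the remaining mass
                    1 - sum_l P[k][i][j][l] is the probability that the game stops
    """
    v = [0.0] * len(A)
    for _ in range(max_iter):
        new_v = bellman_step(A, P, v)
        if max(abs(x - y) for x, y in zip(new_v, v)) < tol:
            return new_v
        v = new_v
    raise RuntimeError("no convergence: every stop probability must be > 0")

# Constructed game. State 0 = system intact, state 1 = system degraded.
# Rows: Player I (defender) actions; columns: Player II (attacker) actions.
A_DEMO = [[[1, -2], [-1, 0]],
          [[0, -3], [-4, -1]]]
P_DEMO = [[[[0.7, 0.1], [0.3, 0.5]], [[0.5, 0.3], [0.6, 0.2]]],
          [[[0.4, 0.4], [0.1, 0.7]], [[0.2, 0.6], [0.3, 0.5]]]]

if __name__ == "__main__":
    v = shapley_values(A_DEMO, P_DEMO)
    print("value of G(0), G(1) for Player I:", [round(x, 4) for x in v])
```

The iteration is a contraction only because every entry of the constructed game stops with probability 0.2; with a zero stop probability somewhere, the loop may hit `max_iter` instead.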

Let us return to the P-D-R model. We understand security as a process based on the three stages presented above. In every stage a finite number of actions can be performed. Taking a particular action moves the system to another state (in the stochastic game model sense). These actions are the strategies of the players: Player I, a defensive player (e.g. a system administrator), and Player II, an offensive player (e.g. an intruder or hacker). This traditional approach leads directly to defining a stochastic model in the context of information system security. However, we switch to the model presented in [11]. Our proposal is based on an n-person stochastic game with coalitions. It is a mix of multi-person cooperative games with the noncooperative two-person stochastic game. In a simple stochastic game, the payoffs for the players are the cause (basis) for taking decisions. In the proposed model, the payoffs are the effect of their decisions. Different cases of possible coalitions are discussed.

3. Our contribution

The element of the P-D-R security model most suitable for analysis with an n-person stochastic game with coalitions is the detection (D) of abnormal system behavior or intruder activity. Let us assume that there is an information system S which consists of N elements. Each element (e.g. a node of a computer network) can cooperate with the others (e.g. raise an alarm) or do nothing (e.g. perform normal operation, if possible, despite the intruder's actions). The proposed game theory model is intended to investigate different coalitions and their influence on the security of the information system. In this paper we present a general model and a discussion of the possibilities of applying such models to IT security analysis. To the best of our knowledge, there is no published work on a practical application of the n-person stochastic game with coalitions, especially in the context of information system security. The lack of research on this particular game theory model was underlined by Kałuski [11, p. 194].

A possible area of application of our model is the analysis of the functioning of intrusion detection systems.

4. Model – the chosen elements

The notation and approach were inspired by [11], but the considerations presented there are discussed here in a new context: IT security.

Let us assume that there is a set of players $J = \{1, 2, \ldots, n\}$. The players can join a $k$-person coalition. The decision about joining a coalition is taken at the time moments $t = 0, 1, 2, \ldots$. At the moment $t$ the $n$-person game can be in the state $S_t^n$. The state $S_t^n$ is a one-dimensional random variable taking values in a finite set $S = \{1, 2, \ldots, s, \ldots, N\}$. This set is called the state space. The event $S_t^n = s$ means that the $n$-person game at the time moment $t$ is in the state $s$, where $s$ is an $n$-dimensional vector:

$$s = (s_t^1, s_t^2, \ldots, s_t^n) = (s_t^i), \quad i = 1, \ldots, n; \; t = 0, 1, 2, \ldots \tag{1}$$

Thus

$$(S_t^n = s) \Leftrightarrow S_t^n = \{s_t^1, s_t^2, \ldots, s_t^n\} \tag{2}$$

The element $s_t^i$, $i = 1, \ldots, n$, of the vector $s$ describes the state of the $i$-th player at the moment $t = 0, 1, 2, \ldots$. The state of the $i$-th player is understood as its ability to join the different coalitions. Thus $s_t^i$, $i = 1, \ldots, n$, is an $n$-dimensional row vector:

$$s_t^i = [m_1, m_2, \ldots, m_k, \ldots, m_n] \tag{3}$$

where

$$m_k = C_{n-1}^{k-1}, \quad k = 1, \ldots, n \tag{4}$$

is the total number of different $k$-person coalitions to which each player in the $n$-person game can belong at the moment $t$ (of course, at any one moment a player can belong to only one coalition). The total number of all different $k$-person coalitions to which a player can belong at the moment $t$ can be expressed by the following equation:

$$m = \sum_{k=1}^{n} m_k = \sum_{k=1}^{n} C_{n-1}^{k-1} = 2^{n-1}, \quad k = 1, \ldots, n; \; k \le n \tag{5}$$

$$\sum_{k=1}^{n} C_n^k = 2^n - 1 \tag{6}$$

Let us assume that at the next moment $t+1$ the system can go to a state $s'$ or stay in the same state. Let us try to determine the number of all possible states of the $n$-person game. The total number $N_i$ of all possible coalitional structures can be derived from the equation:

$$N_i = \prod_{k=1}^{n} \left( C_{n-1}^{k-1} + 1 \right) \tag{7}$$

For $n$ players, the number $N$ of possible states at the moment $t = 0, 1, 2, \ldots$ is:

$$N = N_i^n = \left[ \prod_{k=1}^{n} \left( C_{n-1}^{k-1} + 1 \right) \right]^n \tag{8}$$

This number, even for a simple 3-person game, is huge [11], e.g. from 8 to 1728 possible states. If we introduce the additional assumption that the players are indistinguishable, the number of states is significantly reduced. Such a situation corresponds to a real situation in which the IT system is homogeneous, e.g. a system that consists of identical software and hardware components.
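The counts in equations (4) to (8) can be checked by direct enumeration, which also shows how quickly the state space grows with the number of cooperating nodes. The Python code below is an added example, not part of the paper; the function names are hypothetical, and it evaluates only the distinguishable-player case, since the paper gives no formula for the reduced count.

```python
# Added example: coalition counts and state-space size from equations (4)-(8).
# Function names are hypothetical; players are numbered 1..n.
from itertools import combinations
from math import comb, prod

def m_k(n, k):
    """Eq. (4): number of k-person coalitions one player can belong to."""
    return comb(n - 1, k - 1)

def coalitions_containing(player, n, k):
    """Brute-force list of k-person coalitions that include `player`."""
    others = [p for p in range(1, n + 1) if p != player]
    return [(player, *rest) for rest in combinations(others, k - 1)]

def n_i(n):
    """Eq. (7): product over k of (m_k + 1) for a single player."""
    return prod(m_k(n, k) + 1 for k in range(1, n + 1))

def n_states(n):
    """Eq. (8): states of the n-person game with distinguishable players."""
    return n_i(n) ** n

def check_identities(n):
    """Cross-check eqs. (4)-(6) against enumeration for an n-player system."""
    for k in range(1, n + 1):
        assert len(coalitions_containing(1, n, k)) == m_k(n, k)       # eq. (4)
    assert sum(m_k(n, k) for k in range(1, n + 1)) == 2 ** (n - 1)    # eq. (5)
    assert sum(comb(n, k) for k in range(1, n + 1)) == 2 ** n - 1     # eq. (6)
    return True

if __name__ == "__main__":
    for n in range(2, 7):
        check_identities(n)
        print(f"n={n}: N_i={n_i(n)}  N={n_states(n)}")
```

For n = 3 this reproduces the upper figure of 1728 states quoted from [11]; a four-node system already has more than 16 million states.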

5. Conclusion

One possible application of the presented approach is the analysis of the functioning of intrusion detection systems. Another area of application is networks of mobile sensors, e.g. in the case of mobile ad hoc networks. Generalizing these considerations can lead to a model for detecting events that can lead to a crisis situation (especially in the context of critical infrastructure protection).

To conclude, we have to underline that stochastic game models are a special and elevated kind of formal model. However, it seems that such models are adequate to many practical problems (as discussed e.g. in [11, 14]). This paper is intended as a voice in the discussion comparing stochastic and deterministic approaches to IT security and briefly shows chosen aspects of this domain.

On the basis of the presented considerations it can be noticed that the possibilities for practical use of stochastic game models are limited by the huge number of possible states. There is therefore a need to find a way to reduce it, especially in the case of many players and the possibility of establishing a large number of coalitional structures. Despite such problems, it seems that stochastic game models can have significant practical meaning. There are many practical situations in which we face the problem of defining (or predicting) the state of an information system. The problem of moving from state t to t+1 depends on many factors, which very often have a stochastic nature, e.g. the activities of authorized or unauthorized users, natural disasters, etc. In such a context it seems that n-person stochastic game models can be helpful and worth considering.

Bibliography

1. Agah A., Das S.K., Basu K.: A game theory based approach for security in wireless sensor networks. Proceedings of IEEE International Performance Computing and Communications Conference, p. 259- 263, 2004.

2. Alpcan T., Basar T.: A game theoretic approach to decision and analysis in network intrusion detection. IEEE Conference on Decision and Control, p. 2595-2600, 2003.

3. Alpcan T., Basar T.: A game theoretic analysis of intrusion detection in access control systems, Proceedings. IEEE Conference on Decision and Control, p. 1568-1573, 2004.

4. Browne R.: Defensive information warfare with non-localizable command and control. New Jersey Computer and Communications (http://citeseer.ist.psu.edu/485272.html), 2000.

5. Brynielson J.: Game-theoretic reasoning in command and control, 15th Mini-EURO Conference: Managing Uncertainty in Decision Support Models, 2004.

6. Burke D.: Towards a game theory model of information warfare, Master Thesis, Airforce Institute of Technology, Air University, 1999.

7. Hamilton S.N., Miller W.L., Ott A.: The role of game theory in information warfare, Proceedings of 4th Information Survivability Workshop, 2002.

8. Hamilton S.N., Miller W.L., Ott A.: Challenges in applying game theory to the domain of information warfare. Proceedings of 4th Information Survivability Workshop, 2002.

9. Hespanha, J., Bohacek S.: Preliminary Results in Routing Games. Proceedings of the 2001 American Control Conference, vol. 3, p. 1904-1909, 2001.

10. Jóźwiak I., Laskowski W., Zych J.: An application of game theory to security and reliability. Advances in safety and reliability. Proceedings of the European Safety and Reliability Conference (ESREL 2005). Gdynia-Sopot-Gdańsk, 27-30 June 2005. Vol. 1. 2005 p. 989-994, 2005.

11. Kałuski J.: Game theory. Gliwice 2002 (in Polish).

12. Kodialam, M., Lakshman, T.V.: Detecting Network Intrusion via Sampling: A Game Theoretic Approach. Proceedings of The 22nd Annual Joint Conference of the IEEE Computer and Communications Societies, San Francisco. USA, 2003.


13. Laskowski W.: Ochrona informacji w systemach teleinformatycznych – współczesne trendy i zagrożenia. Przegląd Telekomunikacyjny i Wiadomości Telekomunikacyjne, 1, p. 12 – 17, 2005.

14. K. wei Lye and Wing J.: Game strategies in network security. International Journal of Information Security, 4(1-2), p. 71-86, 2005.

15. Michardi, P., Molva, R.: Game theoretic analysis of security in mobile ad hoc networks. Research report No. RR-02-070, Institut Telcom, France, 2002.
