Skip to main content
SpringerLink
Log in

Random Damage in Interconnected Networks

  • Chapter
  • First Online:
Game Theory for Security and Risk Management

Part of the book series: Static & Dynamic Game Theory: Foundations & Applications ((SDGTFA))

Abstract

When looking at security incidents in Industrial Control System (ICS) networks, it appears that the interplay between an attacker and a defender can be modeled using a game-theoretic approach. Preparing a game require several steps, including the definition of attack and defense strategies, estimation of payoffs, etc. Specifically, during the preparation of a game, the estimation of payoffs (i.e. damage) for each possible scenario is one of its core tasks. However, damage estimation is not always a trivial task since it cannot be easily predicted, primarily due to incomplete information about the attack or due to external influences (e.g. weather conditions, etc.). Therefore, it is evident that describing the payoffs by means of a probability distribution may be an appropriate approach to deal with this uncertainty. In this chapter, we show that if the network structure of an organization is known, it is possible to estimate the payoff distribution by means of a stochastic spreading model. To this extend, the underlying network is modeled as a graph whose edges are classified depending on their properties. Each of these classes has a different probability of failure (e.g. probability of transmitting a malware). Finally, we demonstrate how these probabilities can be estimated, even if only subjective information is available.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 109.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 139.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info
Hardcover Book
USD 139.99
Price excludes VAT (USA)
  • Durable hardcover edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Busby, J., Gouglidis, A., Rass, S., König, S.: Modelling security risk in critical utilities: The system at risk as a three player game and agent society. In: Proceedings of 2016 IEEE International conference on System, Man, and Cybernetics (SMC) Budapest, October 9-12 (2016). https://doi.org/10.1109/SMC.2016.7844492

  2. Chen, Z., Ji, C.: Spatial-temporal modeling of malware propagation in networks. IEEE Transactions on Neural networks 16(5), 1291–1303 (2005)

    Article  Google Scholar 

  3. Dudenhoeffer, D.D., Permann M.R. und Manic, M.: CIMS: A framework for infrastructure interdependency modeling and analysis. In: Proceedings of the 2006 Winter Simulation Conference. New Jersey (2006)

    Google Scholar 

  4. Dudenhoeffer, D.D., Permann M.R. und Boring, R.: Decision consequence in complex environments: Visualizing decision impact. In: Proceeding of Sharing Solutions for Emergencies and Hazardous Environments. American Nuclear Society Joint Topical Meeting: 9th Emergency Preparedness and Response/11th Robotics and Remote Systems for Hazardous Environments (2006)

    Google Scholar 

  5. Erdős, P., Rényi, A.: On random graphs. Publicationes Mathematicae 6, 290–297 (1959)

    MathSciNet  MATH  Google Scholar 

  6. Gao, C., Liu, J.: Modeling and restraining mobile virus propagation. IEEE Transactions on Mobile Computing 12(3), 529–541 (2013)

    Article  Google Scholar 

  7. Knapp, E.D., Langill, J.T.: Industrial Network Security: Securing critical infrastructure networks for smart grid, SCADA, and other Industrial Control Systems. Syngress (2014)

    Google Scholar 

  8. König, S.: Error propagation through a network with non-uniform failure. arXiv:1604.03558 (2016)

    Google Scholar 

  9. König, S., Rass, S., Schauer, S., Beck, A.: Risk propagation analysis and visualization using percolation theory. International Journal of Advanced Computer Science and Applications (IJACSA) 7(1) (2016)

    Google Scholar 

  10. König, S., Schauer, S., Rass, S.: A Stochastic Framework for Prediction of Malware Spreading in Heterogeneous Networks, pp. 67–81. Springer, Cham (2016)

    Chapter  Google Scholar 

  11. Mell, P., Scarfone, K., Romanosky, S.: A complete guide to the common vulnerability scoring system version 2.0. In: Published by FIRST-Forum of Incident Response and Security Teams, vol. 1, p. 23 (2007)

    Google Scholar 

  12. Meyers, L.A., Newman, M.E.J., Pourbohloul, B.: Predicting epidemics on directed contact networks. Journal of Theoretical Biology 240(3), 400–418 (2006)

    Article  MathSciNet  Google Scholar 

  13. Microsoft: Chapter 3 threat modeling (2003). URL https://msdn.microsoft.com/en-us/library/ff648644.aspx,[retrieved:26/09/2017]

    Google Scholar 

  14. Miller, J.C.: Bounding the size and probability of epidemics on networks. Applied Probability Trust 45, 498–512 (2008)

    Article  MathSciNet  Google Scholar 

  15. Miller, J.C., Volz, E.M.: Incorporating disease and population structure into models of SIR disease in contact networks. PLoS ONE 8(8), 1–14 (2013)

    Google Scholar 

  16. MITRE: Common vulnerabilities and exposure. URL https://cve.mitre.org/,[retrieved:26/09/2017]

    Google Scholar 

  17. NIST: National vulnerability database. URL https://nvd.nist.gov/,[retrieved:26/09/2017]

    Google Scholar 

  18. OpenVAS: Open vulnerability assessment system. URL http://www.openvas.org/,[retrieved:26/09/2017]

    Google Scholar 

  19. Pederson, P., Dudenhoeffer, D.D., Hartley, S., Permann, M.R.: Critical infrastructure interdependency modeling: A survey of U.S. and international research. Tech. rep., Idaho National Laboratory (2006). INL/EXT-06-11464

    Google Scholar 

  20. Rass, S., König, S.: Package ’HyRiM’: Multicriteria risk management using zero-sum games with vector-valued payoffs that are probability distributions. http://hyrim.net (2016). Version 1.0 (current stable release as of Sep.16; ongoing development)

  21. Rass, S., König, S., Schauer, S.: Uncertainty in games: Using probability distributions as payoffs. In: M. Khouzani, E. Panaousis, G. Theodorakopoulos (eds.) Decision and Game Theory for Security, 6th International Conference, GameSec 2015, LNCS 9406. Springer (2015)

    Google Scholar 

  22. Rinaldi, S., Peerenboom, J., Kelly, T.: Identifying, understanding, and analyzing critical infrastructure interdependencies. IEEE Control Systems Magazine pp. 11–25 (2001)

    Google Scholar 

  23. Sellke, S.H., Shroff, N.B., Bagchi, S.: Modeling and automated containment of worms. IEEE Transactions on Dependable and Secure Computing 5(2), 71–86 (2008)

    Article  Google Scholar 

  24. Symantec: What you need to know about the wannacry ransomware (2017). URL https://www.symantec.com/connect/blogs/what-you-need-know-about-wannacry-ransomware,[retrieved:25/09/2017]

    Google Scholar 

  25. Tenable: Nessus vulnerability scanner. URL https://www.tenable.com/products/nessus-vulnerability-scanner,[retrieved:26/09/2017]

    Google Scholar 

  26. TrendMicro: Frequently asked questions: The petya ransomware outbreak (2017). URL https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/frequently-asked-questions-the-petya-ransomware-outbreak,[retrieved:25/09/2017]

    Google Scholar 

  27. US Government: Executive order, 13010. critical infrastructure protection (1996). Federal Register

    Google Scholar 

  28. Yan, G., Eidenbenz, S.: Modeling propagation dynamics of bluetooth worms (extended version). IEEE Transactions on Mobile Computing 8(3), 353–368 (2009)

    Article  Google Scholar 

  29. Yu, S., Gu, G., Barnawi, A., Guo, S., Stojmenovic, I.: Malware propagation in large-scale networks. IEEE Transactions on Knowledge and Data Engineering 27(1) (2015)

    Article  Google Scholar 

Download references

Acknowledgements

The research leading to these results has received funding from the European Union Seventh Framework Programme under grant agreement no. 608090, Project HyRiM (Hybrid Risk Management for Utility Networks).

Author information

Authors and Affiliations

  1. AIT Austrian Institute of Technology GmbH, Centre for Digital Safety & Security, Giefinggasse 4, 1210, Vienna, Austria

    Sandra König

  2. School of Computing and Communications, InfoLab21, Lancaster University, Lancaster, LA1 4WA, UK

    Antonios Gouglidis

Authors
  1. Sandra König
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Antonios Gouglidis
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Antonios Gouglidis .

Editor information

Editors and Affiliations

  1. Institute of Applied Informatics, University of Klagenfurt, Klagenfurt, Kärnten, Austria

    Stefan Rass

  2. Center for Digital Safety & Security, Austrian Institute of Techno GmbH, Klagenfurt, Kärnten, Austria

    Stefan Schauer

Rights and permissions

Reprints and permissions

Copyright information

© 2018 Springer International Publishing AG, part of Springer Nature

About this chapter

Check for updates. Verify currency and authenticity via CrossMark

Cite this chapter

König, S., Gouglidis, A. (2018). Random Damage in Interconnected Networks. In: Rass, S., Schauer, S. (eds) Game Theory for Security and Risk Management. Static & Dynamic Game Theory: Foundations & Applications. Birkhäuser, Cham. https://doi.org/10.1007/978-3-319-75268-6_8

Download citation

Publish with us

Policies and ethics

Search

Navigation