About MAPS
Persistent adversaries are capable of studying cyber systems over an extended period of time, identifying protocol vulnerabilities, and mounting intelligent attacks that target those vulnerabilities. Defending against such attacks requires an approach that is adaptive to intelligent, timevarying attacks and proactive against emerging threats. This project will develop a scientific framework for adaptive and proactive cyber defense that minimizes the system signature that is observable by the adversary, and hence increases the cost and reduces the effectiveness of attacks, without degrading the system performance.
Our framework will consist of three tightly coupled research thrusts, namely, novel proactive defense mechanisms that exploit diversity at one or more system layers to increase the uncertainty of the adversary, control-theoretic models for the impact of one or more attacks and adaptive defense mechanisms over time, and dynamic game-theoretic methodologies for modeling interactions between adversaries and defenders and designing defense strategies
Meet the Team
Publications
B. Ramasubramanian, L. Niu, A. Clark, L. Bushnell, and R. Poovendran, Secure Control in Partially Observable Environments to Satisfy LTL Specifications, accepted to IEEE Transactions on Automatic Control, November 2020.
Dinuka Sahabandu, Shana Moothedath, Joey Allen, Linda Bushnell, Wenke Lee, and Radha Poovendran, A Multi-Agent Reinforcement Learning Approach for Dynamic Information Flow Tracking Games for Advanced Persistent Threats. Preprint: arXiv:2007.00076, July 2020.
Shana Moothedath, Dinuka Sahabandu, Joey Allen, Linda Bushnell, Wenke Lee, and Radha Poovendran, Stochastic Dynamic Information Flow Tracking Game using Supervised Learning for Detecting Advanced Persistent Threats. Preprint: arXiv:2007.12327, July 2020.
B. Ramasubramanian, L. Niu, A. Clark, L. Bushnell, and R. Poovendran. Privacy-Preserving Resilience of Cyber-Physical Systems to Adversaries, Proc. IEEE Conference on Decision and Control (CDC), 2020.
B. Ramasubramanian, B. Xiao, L. Bushnell, and R. Poovendran. Safety-Critical Online Control with Adversarial Disturbances, Proc. IEEE Conference on Decision and Control (CDC), 2020.
M.A. uz Zaman, K. Zhang, E. Miehling, and T. Başar. Approximate equilibrium computation for discrete-time linear-quadratic mean-field games. Proc. American Control Conference (ACC), Denver, Colorado, 2020, pp. 333-339.
D. Wang, J. Liu, P.E. Pare, W. Chen, L. Qiu, C.L. Beck, and T. Başar. Controlling a networked SIS model via a single input over undirected graphs. Proc. IFAC World Congress (IFAC WC), Berlin, Germany, 2020.
K. Zhang, Y. Liu, J. Liu, M. Liu, and T. Başar. Distributed learning of average belief over networks using sequential observations. Automatica, Vol. 115, No. 5, May 2020.
B. Xiao, Q. Liu, B. Ramasubramanian, A. Clark, L. Bushnell, R. Poovendran. FRESH: Interactive Reward Shaping in High-Dimensional Spaces using Human Feedback. Proceedings of the International Conference on Autonomous Agents and Multi-Agent Systems (AAMAS), Auckland, New Zealand, 2020, pp. 1512-1520.
L. Niu, B. Ramasubramanian, A. Clark, L. Bushnell, R. Poovendran. Control Synthesis for Cyber-physical Systems to satisfy Metric Interval Temporal Logic Objectives under Timing and Actuator Attacks. Proc. International Conference on Cyber-Physical Systems (ICCPS), 2020 Sydney, Australia, pp. 162-173.
K. Zhang, A. Koppel, H. Zhu, and T. Başar. Global convergence of policy gradient methods to (almost) locally optimal policies. SIAM Journal on Control and Optimization, 2020 (to appear).
B Xiao, B. Ramasubramanian, A. Clark, H. Hajishirzi, L. Bushnell, R. Poovendran. Potential-based Advice for Stochastic Policy Learning. Proc. IEEE Conference on Decision and Control (CDC), Nice, France, 2019, pp. 1842-1849.
B. Ramasubramanian, L. Niu, A. Clark, L. Bushnell, R. Poovendran. Linear Temporal Logic Satisfaction in Adversarial Environments using Secure Control Barrier Certificates. Proceedings of the Conference on Decision and Game Theory for Security, 2019 pp. 385-403.
X. Ying, S. Sagong, A. Clark, L. Bushnell, and R. Poovendran. Shape of the Cloak: Formal Analysis of Clock-Skew Intrusion Detection System in Controller Area Networks. IEEE Transactions on Information Forensics and Security, Vol. 14, No. 9, 2019, pp. 2300-2314.
S.R. Etesami and T. Başar. Dynamic games in cyber-physical security: an overview. Dynamic Games and Applications, 9:884–913, 2019.
B. Ramasubramanian, A. Clark, L. Bushnell, and R. Poovendran. Secure Control under Partial Observability with Temporal Logic Constraints, Proc. American Control Conference (ACC), Philadelphia, USA, 2019, pp. 1181-1188.
K. Zhang, E. Miehling, and T. Başar. Online planning for decentralized stochastic control with partial history sharing. Proc. American Control Conference (ACC), Philadelphia, USA, 2019, pp. 3544-3550.
H. Hosseini, S. Kannan, R. Poovendran. Dropping Pixels for Adversarial Robustness. IEEE Conference on Computer Vision and Pattern Recognition (CVPR) Workshops, 2019.
X. Gao, E. Akyol, and T. Başar. On communication scheduling and remote estimation in the presence of an adversary, Proc. IEEE Conference on Decision and Control (CDC), 2018, Miami, FL, pp. 2710-2715.
Z. Yang, K. Zhang, M. Hong, and T. Başar. A finite sample analysis of the actor-critic algorithm, Proc. IEEE Conference on Decision and Control (CDC), 2018, Miami, FL, pp. 2759-2764.
K. Zhang, Z. Yang, and T. Başar. Networked multi-agent reinforcement learning in continuous spaces, Proc. IEEE Conference on Decision and Control (CDC), 2018, Miami, FL, pp. 2771-2776.
V.S.S. Nadendla, C. Langbort, and T. Başar. Effects of subjective biases on strategic information transmission. IEEE Transactions on Communications, Vol. 66, No. 12, pp. 6040-6049, 2018.
H. Hosseini and R. Poovendran. Semantic Adversarial Examples. In IEEE Conference on Computer Vision and Pattern Recognition (CVPR) Workshops, 2018, pp. 1614 - 1619.
H. Hosseini, B. Xiao, M. Jaiswal and R. Poovendran. Assessing Shape Bias Property of Convolutional Neural Networks. In IEEE Conference on Computer Vision and Pattern Recognition Workshops, 2018, pp. 1923-1931.
G. Yang, H. Hosseini, D. Sahabandu, A. Clark, J. Hespanha and R. Poovendran. Modeling and Mitigating the Coremelt Attack. Proceedings American Control Conference (ACC), Milwaukee, WI, 2018, pp. 3410-3416.
T. Başar. A Consensus Problem in Mean Field Setting with Noisy Measurements of Target. Proc. 2018 American Control Conference (ACC), Milwaukee, WI, 2018, pp. 6521-6526.
S. Sagong, X. Ying, A. Clark, L. Bushnell, and R. Poovendran. Cloaking the Clock: Emulating Clock Skew in Controller Area Networks. Proc. International Conference on Cyber-Physical Systems (ICCPS), 2018 Porto, Portugal, pp. 32-42.
X. Gao, E. Akyol, and T. Başar. Optimal communication scheduling and remote estimation over an additive noise channel. Automatica, Vol. 88, No. 2, 2018, pp. 57-69.
S.R. Etesami, S. Bolouki, A. Nedich, T. Başar, and H.V. Poor. Influence of Conformist and Manipulative Behaviors on Public Opinion. IEEE Transactions on Control of Network Systems, Vol. 6, No. 1, 2018, pp. 202-214.
S. Bolouki, D.G. Dobakhshari, T. Başar, V. Gupta, and A. Nedich. Applications of group testing to security decision-making in networks. Proc. IEEE Conference on Decision and Control (CDC), 2017; Melbourne, Australia, pp. 2929-2934.
E. Akyol, T. Başar, and C. Langbort. Signaling games in networked cyber-physical systems with strategic elements. Proc. IEEE Conference on Decision and Control (CDC), 2017; Melbourne, Australia, pp. 4576-4581.
H. Hosseini, B. Xiao, and R. Poovendran. Google's Cloud Vision API Is Not Robust To Noise. In IEEE International Conference on Machine Learning and Applications (ICMLA), 2017, pp. 101-105.
H. Hosseini, B. Xiao, M. Jaiswal, and R. Poovendran. On the limitation of convolutional neural networks in recognizing negative images. In IEEE International Conference on Machine Learning and Applications (ICMLA), 2017, pp. 352-358.
E. Akyol, C. Langbort, and T. Başar. Networked estimation-privacy games. Proc. IEEE Global Conference on Signal and Information Processing (GlobalSIP) 2017, Montreal, Canada.
H. Hosseini, B. Xiao, A. Clark and R. Poovendran. Attacking Automatic Video Analysis Algorithms: A Case Study of Google Cloud Video Intelligence API. ACM CCS Workshop on Multimedia Privacy and Security, 2017, pp. 21-32.
V.S.S. Nadendla, E. Akyol, C. Langbort, and T. Başar. Strategic communication between prospect theoretic agents over a Gaussian test channel. Proc. MILCOM 2017 Baltimore, MD, USA.
S. Bolouki, M.H. Manshaei, A. Nedich, and T. Başar. Group testing game. Proc. 20th IFAC World Congress (IFAC WC 2017), Toulouse, France, July 9-14, 2017, pp. 10078-10083.
H. Hosseini, B. Xiao, and R. Poovendran. Deceiving Google's Cloud Video Intelligence API Built for Summarizing Videos. In IEEE Conference on Computer Vision and Pattern Recognition Workshops, 2017, pp. 1-5.
A. Sanjab, W. Saad, and T. Başar. Prospect theory for enhanced cyber-physical security of drone delivery systems: A network interdiction game. Proc. Communication and Information Security Symposium (CISS 2017), Paris, France, May 21-25, 2017.
Software and Code
Multi-Agent Average Reward Nash Equilibrium (MA-ARNE) algorithm for detecting APTs using DIFT
Date: Mon August 03, 2020
Summary
Dynamic Information Flow Tracking (DIFT) is a defense mechanism that dynamically track the usage of information flows in a computer system during program executions. Advanced Persistent Threats (APTs) are sophisticated, stealthy, long-term cyberattacks that target specific systems. Although DIFT has been used for detecting APTs, wide range security analysis using DIFT results in a significant increase in performance overhead and high rates of false-positives and false-negatives. This code presents a game-theoretic implementation of the strategic interaction between APT and DIFT. The DIFT-APT game is a nonzero-sum stochastic game with imperfect information and average reward structure. The average payoff structure captures the long-term behavior of the APT’s interactions with the victim system. Additionally, the game has incomplete information structure as the transition probabilities (false-positive and false-negative rates) are unknown. In [1], we showed that the state space of the game has a unichain structure. Utilizing the unichain structure we proposed Multi-Agent Average Reward Nash Equilibrium (MA-ARNE) algorithm to compute an average reward Nash equilibrium of the game and proved convergence in [1].
Read more...Github Link: https://github.com/sdinuka/MA-ARNE-Algorithm-for-DIFT-APT-games/blob/master/MA-ARNE-PYTHON
Code description
This code presents the Python (version 3.7.7) implementation of the MA-ARNE algorithm. The MA-ARNE algorithm is a multiple-time scale stochastic approximation algorithm that learns an equilibrium solution of the DIFT-APT game. MA-ARNE python code contains four classes of functions, Supplementary_Functions, MA-ARNE, Evaluation_Functions and Experiment_plots. Detailed description of the python code is given below. • Python version - 3.7.7 • Python libraries required - numpy, scipy.io, copy, statistics, matplotlib.pylab • Function description
The experiments in this code used a ransomware attack dataset collected using Refinable Attack INvestigation (RAIN) framework [2]. For more details on the algorithm and results see [1].
Note: You may freely redistribute and use this sample code, with or without modification, provided you include the original Copyright notice and use restrictions.
Disclaimer: THE SAMPLE CODE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL DINUKA SAHABANDU OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) SUSTAINED BY YOU OR A THIRD PARTY, HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT ARISING IN ANY WAY OUT OF THE USE OF THIS SAMPLE CODE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
Related Papers
[1] Dinuka Sahabandu, Shana Moothedath, Joey Allen, Linda Bushnell, Wenke Lee, and Radha Poovendran, “A Multi-Agent Reinforcement Learning Approach for Dynamic Information Flow Tracking Games for Advanced Persistent Threats”. ArXiv link: https://arxiv.org/pdf/2007.00076.pdf Website: https://adapt.ece.uw.edu/ [2] Ji, Yang, Sangho Lee, Evan Downing, Weiren Wang, Mattia Fazzini, Taesoo Kim, Alessandro Orso, and Wenke Lee. "Rain: Refinable attack investigation with on-demand inter-process information flow tracking." In Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, pp. 377-390. 2017.
For additional information, contact: Dinuka Sahabandu, email: sdinuka@uw.edu Acknowledgement: This work was supported by ONR grant N00014-16-1-2710 P00002, DARPA TC grant DARPA FA8650-15-C-7556, and ARO grant W911NF-16-1-0485.
Hierarchical Supervised Learning (HSL) algorithm for Detecting Advanced Persistent Threats using DIFT
Date: Mon August 03, 2020
Summary
Dynamic Information Flow Tracking (DIFT) is a defense mechanism that dynamically track the usage of information flows in a computer system during program executions. Advanced Persistent Threats (APTs) are sophisticated, stealthy, long-term cyberattacks that target specific systems. Although DIFT has been used for detecting APTs, wide range security analysis using DIFT results in a significant increase in performance overhead and high rates of false-positives and false-negatives. This code presents a game-theoretic implementation of the strategic interaction between APT and DIFT for efficient detection. The APT-DIFT game is a constant-sum stochastic game with total reward structure and imperfect information. We consider two scenarios of the game (i) when the false-positive and false-negative rates are known to both players and (ii) when the false-positive and false-negative rates are unknown to both players. Case (i) translates to a game with complete information and case (ii) translates to an incomplete information game with unknown transition probabilities. For case (i), we implement a value iteration algorithm with guaranteed convergence. For case (ii), we implement Hierarchical Supervised Learning (HSL), a supervised learning-based algorithm.
Read more...Github Link: https://github.com/sdinuka/HSL-algorithm-for-APT-DIFT-games
Code description
• Python version - 3.7 • Keras Version - 2.3.1 • Function description
Note: You may freely redistribute and use this sample code, with or without modification, provided you include the original Copyright notice and use restrictions.
Disclaimer: THE SAMPLE CODE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL DINUKA SAHABANDU OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) SUSTAINED BY YOU OR A THIRD PARTY, HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT ARISING IN ANY WAY OUT OF THE USE OF THIS SAMPLE CODE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
Related Papers
[1] Shana Moothedath, Dinuka Sahabandu, Joey Allen, Linda Bushnell, Wenke Lee, and Radha Poovendran, “Stochastic Dynamic Information Flow Tracking Game using Supervised Learning for Detecting Advanced Persistent Threats”. ArXiv link: https://arxiv.org/pdf/2007.12327.pdf Website: https://adapt.ece.uw.edu/ [2] Yang Ji, Sangho Lee, Mattia Fazzini, Joey Allen, Evan Downing, Taesoo Kim, Alessandro Orso, and Wenke Lee. "Enabling refinable cross-host attack investigation with efficient data flow tagging and tracking." In 27th USENIX Security Symposium (USENIX Security 18), pp. 1705-1722. 2018.
For additional information, contact: Dinuka Sahabandu, email: sdinuka@uw.edu Acknowledgement: This work was supported by ONR grant N00014-16-1-2710 P00002, DARPA TC grant DARPA FA8650-15-C-7556, and ARO grant W911NF-16-1-0485.
Project Sponsor
Army Research Office