Multi-Defender Strategic Filtering Against Spear-Phishing Attacks

Multi-Defender Strategic Filtering Against Spear-Phishing Attacks
Aron Laszka, Jian Lou, Yevgeniy Vorobeychik

Citation
Aron Laszka, Jian Lou, Yevgeniy Vorobeychik. "Multi-Defender Strategic Filtering Against Spear-Phishing Attacks". 30th AAAI Conference on Artificial Intelligence (AAAI), February, 2016.

Abstract
Spear-phishing attacks pose a serious threat to sensitive computer systems, since they sidestep technical security mechanisms by exploiting the carelessness of authorized users. A common way to mitigate such attacks is to use e-mail filters which block e-mails with a maliciousness score above a chosen threshold. Optimal choice of such a threshold involves a tradeoff between the risk from delivered malicious emails and the cost of blocking benign traffic. A further complicating factor is the strategic nature of an attacker, who may selectively target users offering the best value in terms of likelihood of success and resulting access privileges. Previous work on strategic threshold-selection considered a single organization choosing thresholds for all users. In reality, many organizations are potential targets of such attacks, and their incentives need not be well aligned. We therefore consider the problem of strategic threshold-selection by a collection of independent self-interested users. We characterize both Stackelberg multi-defender equilibria, corresponding to short-term strategic dynamics, as well as Nash equilibria of the simultaneous game between all users and the attacker, modeling long-term dynamics, and exhibit a polynomial-time algorithm for computing short-term (Stackelberg) equilibria. We find that while Stackelberg multi-defender equilibrium need not exist, Nash equilibrium always exists, and remarkably, both equilibria are unique and socially optimal.

Electronic downloads

Internal. This publication has been marked by the author for FORCES-only distribution, so electronic downloads are not available without logging in.

Citation formats

HTML

Aron Laszka, Jian Lou, Yevgeniy Vorobeychik. <a
href="http://www.cps-forces.org/pubs/116.html"
>Multi-Defender Strategic Filtering Against
Spear-Phishing Attacks</a>, 30th AAAI Conference on
Artificial Intelligence (AAAI), February, 2016.

Plain text

Aron Laszka, Jian Lou, Yevgeniy Vorobeychik.
"Multi-Defender Strategic Filtering Against
Spear-Phishing Attacks". 30th AAAI Conference on
Artificial Intelligence (AAAI), February, 2016.

BibTeX

@inproceedings{LaszkaLouVorobeychik16_MultiDefenderStrategicFilteringAgainstSpearPhishing,
    author = {Aron Laszka and Jian Lou and Yevgeniy Vorobeychik},
    title = {Multi-Defender Strategic Filtering Against
              Spear-Phishing Attacks},
    booktitle = {30th AAAI Conference on Artificial Intelligence
              (AAAI)},
    month = {February},
    year = {2016},
    abstract = {Spear-phishing attacks pose a serious threat to
              sensitive computer systems, since they sidestep
              technical security mechanisms by exploiting the
              carelessness of authorized users. A common way to
              mitigate such attacks is to use e-mail filters
              which block e-mails with a maliciousness score
              above a chosen threshold. Optimal choice of such a
              threshold involves a tradeoff between the risk
              from delivered malicious emails and the cost of
              blocking benign traffic. A further complicating
              factor is the strategic nature of an attacker, who
              may selectively target users offering the best
              value in terms of likelihood of success and
              resulting access privileges. Previous work on
              strategic threshold-selection considered a single
              organization choosing thresholds for all users. In
              reality, many organizations are potential targets
              of such attacks, and their incentives need not be
              well aligned. We therefore consider the problem of
              strategic threshold-selection by a collection of
              independent self-interested users. We characterize
              both Stackelberg multi-defender equilibria,
              corresponding to short-term strategic dynamics, as
              well as Nash equilibria of the simultaneous game
              between all users and the attacker, modeling
              long-term dynamics, and exhibit a polynomial-time
              algorithm for computing short-term (Stackelberg)
              equilibria. We find that while Stackelberg
              multi-defender equilibrium need not exist, Nash
              equilibrium always exists, and remarkably, both
              equilibria are unique and socially optimal.},
    URL = {http://cps-forces.org/pubs/116.html}
}

Posted by Aron Laszka on 15 Mar 2016.
For additional information, see the Publications FAQ or contact webmaster at cps-forces org.

Notice: This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright.