Use this URL to cite or link to this record in EThOS: http://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.705932
Title: Cyber hide-and-seek
Author: Chapman, Martin David
ISNI:       0000 0004 6062 0455
Awarding Body: King's College London
Current Institution: King's College London (University of London)
Date of Award: 2016
Availability of Full Text:
Access from EThOS:
Access from Institution:
Abstract:
This thesis proposes to model a network attack as a game of hide-and-seek between an attacker and a defender. In the game of hide-and-seek, one player, the hider, conceals a set of objects on the nodes of a network, and a seeker must locate them by taking into account how the hider has concealed them. In a network attack, an attacker regularly leverages a subset of hosts in a legitimate network (e.g. creating bots in a peer-to-peer (P2P) network) to work on their behalf in order to attack a network. These nodes must be found, and blocked, if a defender is to protect their network. In both these cases, the task of the seeker and the task of the defender are the same: to not only search the graph, but to also understand how the opponent has actively concealed the objects sought. A seeker and a defender can therefore be considered interchangeably. Under this framing, the seeker is a benign entity, but the versatility of the hide-and-seek model also allows us to consider the case in which a seeker is an attacker (e.g. an intruder in a network). In both cases, solutions for the hide-and-seek game can provide recommendations for how a defender should act in order to protect their network. However, current hide-and-seek game models avoid incorporating parameters that may increase the complexity of the game. We argue that these same parameters – an arbitrary network topology, and multiple player interactions, among others – must be included in order to accurately capture the dynamics of a network attack. We therefore present a new hide-and-seek game model, which is designed to include these parameters. We define this model conceptually, before using it to implement a simulation platform. This platform supports both the development of strategies, and an estimation of their payoffs. Using these estimations, we are able to solve the game of hide-and-seek, under various configurations, and thus provide the aforementioned recommendations for how to play the game and how to act during, or in preparation for, a network attack.
Supervisor: McBurney, Peter John Sponsor: Not available
Qualification Name: Thesis (Ph.D.) Qualification Level: Doctoral
EThOS ID: uk.bl.ethos.705932  DOI: Not available
Share: