Workshop on Game theory and Machine learning for Cyber-security (Work-GMC)

Introduction

Many incidents in cyberspace prove that network attacks can cause huge amounts of loss to governments, private enterprises, and the general public in terms of money, data conﬁdentiality, and reputation. The research community has been paying attention to the network security problem for more than two decades. However, the problem is far from being completely solved. We frequently see a race between the security specialists and the attackers in the following sense: one day an intelligent solution is proposed to ﬁx network vulnerability, and the next day the attackers come up with a smarter way to circumvent the proposed countermeasure.

We are interested in developing defense systems that can prevent some attacks (as ARP spoofing…) and stealthy attacks in local area networks and tactical networks, respectively. The idea is to combine technologies such as game theory, software-defined network, and cyber deception, to produce new methods to defend ARP spoofing and stealthy attacks in SDN networks.

Game theory serves perfectly in studying cyber deception to defend the network and enhance its resilience and deception techniques. This refers to hiding certain information or data in the background, repackaging a real object as something else to hide it. Also, the defender can create a new fake object to lure attackers. For example, software can be presented in a honeypot for attackers to download it, which allows collecting the attackers’ personal data and imitating aspects of a real object. This is often used to look honeypots as real nodes or interfaces to attackers. Moreover, the deceiver can provide publicly available false information about the system configurations to hinder reconnaissance attacks via decoy devices.

Importance of the subject and aspects included during the discussions

A comprehensive approach of cyber deception and network resilience can enhance networks security. This approach leverages game-theoretic techniques to study the potential interactions between the attacker and the network defender. We can combine multiple deception techniques for defense and enhancing network resilience leveraging the state-of-the-art in Machine Learning (ML) and Moving Target Defense (MTD). We should using game theory and Reinforcement Learning (RL) to build models for unobservable or unidentified attack types.

The Internet of Things (IoT) which provides ubiquitous sensing and computing capabilities to connect a broad range of things to the Internet. The rapid proliferation of IoT devices has brought forth unique challenges in terms of security and threat detection. To address these challenges, researchers are focuses on the development of innovative methods for improving cyber deception techniques in IoT environments. Looking ahead, the future holds immense potential for the application of adversarial learning in IoT security. The integration of more advanced machine learning techniques, the exploration of novel GAN architectures, and the consideration of real-world IoT environments will further enhance the capabilities of the AIIPot framework. As IoT technology continues to evolve, so will the strategies to safeguard it against emerging threats, with the thesis’s innovative contributions serving as a solid foundation for this ongoing journey.

To obtain insights into data generated from ubiquitous IoT With its innovative operational concept, Federated learning (FL) can offer some important benefits for IoT applications as follows:

— Data Privacy Enhancement: In FL, the raw data are not required for the training at the aggregator. Therefore, the leakage of sensitive user information to the external third-party is minimized and a degree of data privacy is provided. Following the increasingly stringent data privacy protection legislation such as the General Data Protection Regulation (GDPR), the privacy protection feature makes FL an ideal solution for building intelligent and safe IoT systems.

— Low-latency Network Communication: Since there is no requirement for transmitting IoT data to the server, the use of FL helps reduce communication latencies caused by data offloading. In return, it also saves network resources, e.g., spectrum and transmit power, in the data training.

— Enhanced Learning Quality: By attracting much computation resources and diverse datasets from a network of IoT devices, FL has the potential to enhance the convergence rate of the overall training process and achieve better learning accuracy rates, which might not be achieved by using centralized AI approaches with insufficient data and constrained computational capabilities. In return, FL also improves the scalability of intelligent networks due to its distributed learning nature.

In view of the above, it is therefore entirely normal for researchers to think about:

– Improve intrusion Detection System’s in order to have a great overview of FL Topic;

– Propose deceptive Framework based on FL to enhance preventive security in IoT system;

– Propose resilient approach based on FL to increase robustness of an IoT system during and after an attack;

To improve resilience, it is crucial to quantify or measure it. Measurement techniques usually base their measure on critical functionality, which is unfortunately not mission-centric. Also, methods of measurement over time cannot tackle the fact that a system may have different consecutive missions at different intervals of time. We cans discuss on methods to measure the cyber-resilience of any complex network by analyzing how the business process varies against adversity effort. Both efforts of the attacker and the impact on the business process are obtained by leveraging the vulnerabilities CVSS score of attack paths extracted from a generated attack graph. On the other hand, prioritization of Cyber vulnerabilities intends to make network administrators focus on the most critical assets in order to mitigate potential damages produced by attackers. More likely, in managing vulnerabilities, current approaches always focus on the common vulnerability exposures (CVEs), which are not the only existing vulnerabilities in a network. Also, researchers in the literature base their calculations of vulnerability critical scores on the Common Vulnerability Scoring System (CVSS), which does not reflect the likelihood or time taken to exploit a specific vulnerability.

The organization of a workshop of reflections and debates would allow participants to be informed about advances in “Game Theory” and “Artificial Intelligence” applied to Cybersecurity. It is therefore an important event for the development of the community of researchers in the field in general and those of our geographic region in particular.

During the planned exchanges, the focus will be more on real work and projects that address cyber-security issues that are of growing concern within our public and private institutions.

Several topics will be discussed during this workshop

– Practical model leveraging Game Theory and Epidemic models to study how an attacker can be deceived to adopt false beliefs about the network and derived away from his best interest;

– Game Theory and Software-Defined Network for cyber deception;

– Adversarial Machine Learning for Cyber Deception in Internet of Things;

– Cyber Resilience through measurement and attack graph analysis;

– Cyber deception on system navigation;

– Using Game Theory for defensive deception techniques considering important properties of cyber deception as security, infection rate, and recovery;

– Using epidemic model to model virus propagation when the defender using game theoretic to develop an effective deception strategy;

– Driving game theory associated with SDN technology to consolidate security in IoT and cloud.

Expected results at the end of the Workshop

Identify adaptive approaches that ensure game theory and machine learning are used effectively in protecting IT systems against emerging threats;
Appropriation of game theory and cyber-deception techniques in the context the energy security of wireless sensor networks (WSN);
Mechanisms that can lead and help companies implement AI and Machine Learning internally to strengthen their cybersecurity;
Appropriation of recommendations to detect the attitudinal models of cyber-attackers using abduction with a view to building scalable defense models;
Understand the need for and approaches to developing AI-generated content defense and detection.
The perspectives to be put in place to regulate the use of AI in general and its use in cybersecurity in particular;
Appropriation of recommendations to detect the attitudinal models of cyber-attackers using abduction with a view to building scalable defense models.

Other challenges:

– Discuss and identify method that can detect malicious users in dynamic or static addressing networks;

– Examine mains innovations on utilization of BERT (Bidirectional Encoder Representations from Transformers), MDP (Makov Decision Process) and GAN (Generative Adversarial Network) models to enhance cyber deception mechanisms;

– Have a better knowledge of a game-theoretic method for reducing latency and congestion at the control plane during attacker detection in software-defined networks;

– Identify a deception mechanism that deceives attackers to get real-time information (attack frequency, number of attacks at a given time, etc.) to improve the detection system;

– Learn about theoretic model to overcome the new stealthy attack scenario in which an attacker can stealthily drop packets to degrade network traffic in a tactical environment.

– Learn about tripartite ranking algorithm of assets on a logical attack graph that mainly contains many types of vertices: vulnerabilities, privileges, and potential attack exploits.