Cyber Hide-and-Seek

Security, Modelling, Simulation, Game Theory

We propose to model a network attack as a game of hide-and-seek between an attacker and a defender.

In the game of hide-and-seek, one player, the hider, conceals a set of objects on the nodes of a network, and a seeker must locate them by taking into account how the hider has concealed them.

In a network attack, an attacker regularly leverages a subset of hosts in a legitimate network (e.g. creating bots in a peer-to-peer (P2P) network) to work on their behalf in order to attack a network. These nodes must be found, and blocked, if a defender is to protect their network. In both cases, the task of the seeker and the task of the defender are the same: not only to search the graph, but also to understand how the opponent has actively concealed the objects sought. The seeker and the defender can therefore be treated as interchangeable. Under this framing, the seeker is a benign entity, but the versatility of the hide-and-seek model also allows us to consider the case in which the seeker is an attacker (e.g. an intruder in a network). In both cases, solutions for the hide-and-seek game can provide recommendations for how a defender should act in order to protect their network.

However, current hide-and-seek game models avoid incorporating parameters that may increase the complexity of the game. We argue that these same parameters – an arbitrary network topology, and multiple player interactions, among others – must be included in order to accurately capture the dynamics of a network attack. We therefore present a new hide-and-seek game model, which is designed to include these parameters. We define this model conceptually, before using it to implement a simulation platform (HideANDSeek). This platform supports both the development of strategies and the estimation of their payoffs. Using these estimates, we are able to solve the game of hide-and-seek under various configurations, and thus provide the aforementioned recommendations for how to play the game and how to act during, or in preparation for, a network attack.

HANDS on GitHub

CyberHANDS summary presentation

CyberHANDS is designed to present the PhD thesis and related work of Martin Chapman.


🤖🖐️