[PhD defence] 03/12/2024 - Arnold KOUAM KOUNCHOU: "Jeu de centralité pour la cyberdéception contre la propagation d'épidémies dans le réseau" (UPR LIA)

Research news 25 November 2024

Arnold KOUAM KOUNCHOU will defend his thesis on Tuesday 3 December 2024 on the theme: "Jeu de centralité pour la cyberdéception contre la propagation d'épidémies dans le réseau" (Centrality game for cyberdeception against the spread of epidemics in the network).

Date and place

Oral defense scheduled on Tuesday 03 December 2024 at 15:00
Location: 74 rue Louis Pasteur, 84000 Avignon
Thesis room

Discipline

Computer Science

Laboratory

UPR 4128 LIA - Avignon Computing Laboratory

Composition of the jury

Mr Yezekael HAYEL, Avignon University, Thesis supervisor
Mr Tomáš KROUPA, Czech Technical University in Prague, Rapporteur
Mr Quanyan ZHU, New York University, Rapporteur
Alexandre REIFFERS-MASSON, IMT Atlantique Bretagne-Pays de la Loire Brest Campus, Examiner
Mr Abderrahim BENSLIMANE, Avignon University, Examiner
Mr Jean-Pierre LIENOU, University of Dschang, Examiner
Mr Charles KAMHOUA, DEVCOM Army Research Laboratory, Thesis co-director
Mr Gabriel DEUGOUE, University of Dschang, Thesis co-director

Summary

The increase in data breaches and service interruptions poses a growing threat to internal security, with potentially devastating consequences for individuals and organisations. Consequently, users of information and communication technologies need to adopt tools that are both effective and efficient in countering the spread of malware. The term "users" encompasses a variety of actors, including individuals, companies, governmental and non-governmental organisations, as well as states - in short, any person or group communicating via new technologies. Among the most pressing threats they face are lateral movements and large-scale epidemic propagation, facilitated by the stealthy recruitment of unsuspecting users into botnets, veritable armies of cyber-terrorists capable of inflicting major damage, such as paralysing businesses whose services are used by these same users. In these scenarios, as in many others, users, deceived by skilled experts known as attackers, unwittingly take part in cyber attacks, with deception being the main vector of attack. Unlike defenders, cybercriminals frequently violate confidentiality rules, which enables them to be better informed, sometimes unilaterally, about the level of compromise of each user. In their efforts to take control of several devices, attackers inject malicious code from infected devices into vulnerable neighbouring devices, triggering a conflict with network administrators, known as defenders, who seek to reduce the attackers' influence. The two agents, the attacker and the defender, both intelligent and rational, engage in dynamic competition, each seeking optimal strategies within the network.
Game-theoretic models are widely used to address these epidemic propagation problems, with stochastic games (SGs) proving particularly suitable due to two key factors: (1) their focus on the overall outcome, or utility, rather than the rewards of individual stages of the game; and (2) their recognition of the inability of players to fully control the evolution of the system, reflecting the naivety of users. When we take into account the asymmetry of information, where only the attackers are perfectly informed about the state of the network, the problem becomes a partially observable stochastic game (POSG). Furthermore, the naivety of users allows attackers to exploit them, complicating the task of the defender. One approach to countering these attackers is to set up ambushes, subtle traps designed to prevent malicious actions. Taking all these factors into account, some authors have proposed a value iteration algorithm to solve this POSG. Although the proposed algorithm converges towards the optimal solution, the scalability problem persists in large networks. To overcome this dimensionality issue, we propose a Bayesian game framework that incorporates the network topology by exploiting centrality measures to evaluate the influence of network nodes. Our approach shows that the best strategy for each player, at any given time, is to target the most influential nodes in the network. Furthermore, we show that defenders, instead of continuously updating their beliefs about the state of the network, can adopt a condensed representation of their belief for each node, without altering their optimal strategy. This allows the defender to manage a vector of size n (in a network of n nodes) instead of the exponentially larger vector of size 2^n.

Keywords: Game theory, Lateral movement, Centrality measures, Cyber security, Cyber deception, Bayesian game
