Cyber-Security in Critical Infrastructures: A Game-Theoretic Approach

Rass, Stefan, Schauer, Stefan, König, Sandra

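  • Publisher: Springer
  • Publication date: 2021-06-25
  • Price: $7,850
  • VIP price: $7,458 (95% of list price)
  • Language: English
  • Pages: 297
  • Binding: Quality Paper - also called trade paper
  • ISBN: 3030469107
  • ISBN-13: 9783030469108
  • Related category: Information Security
  • Overseas-order book (must be checked out separately)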

Product description

This book presents a compendium of selected game- and decision-theoretic models to achieve and assess the security of critical infrastructures. Given contemporary reports on security incidents of various kinds, we can see a paradigm shift to attacks of an increasingly heterogeneous nature, combining different techniques into what we know as an advanced persistent threat. Security precautions must match these diverse threat patterns in an equally diverse manner; in response, this book provides a wealth of techniques for protection and mitigation.

Much traditional security research has a narrow focus on specific attack scenarios or applications, and strives to make an attack "practically impossible." A more recent approach to security views it as a scenario in which the cost of an attack exceeds the potential reward. This does not rule out the possibility of an attack but minimizes its likelihood to the least possible risk. The book follows this economic definition of security, offering a management scientific view that seeks a balance between security investments and their resulting benefits. It focuses on optimization of resources in light of threats such as terrorism and advanced persistent threats.

Drawing on the authors' experience and inspired by real case studies, the book provides a systematic approach to critical infrastructure security and resilience. Presenting a mixture of theoretical work and practical success stories, the book is chiefly intended for students and practitioners seeking an introduction to game- and decision-theoretic techniques for security. The required mathematical concepts are self-contained, rigorously introduced, and illustrated by case studies. The book also provides software tools that help guide readers in the practical use of the scientific models and computational frameworks.



About the authors

Stefan Rass graduated with a double master's degree in mathematics and computer science from the Universitaet Klagenfurt (AAU) in 2005. He received a Ph.D. degree in mathematics in 2009 and habilitated on applied computer science and system security in 2014. His research interests cover decision theory and game theory with applications in system security, as well as complexity theory, statistics, and information-theoretic security. He has won several awards and authored numerous papers related to security and applied statistics and decision theory in security. He (co-)authored the book "Cryptography for Security and Privacy in Cloud Computing," published by Artech House, and edited the Springer Birkhäuser book "Game Theory for Security and Risk Management: From Theory to Practice" in the series on Static & Dynamic Game Theory: Foundations & Applications. He participated in various nationally and internationally funded research projects, as well as being a contributing researcher in many EU projects and offering consultancy services to the industry. He chaired and co-chaired scientific conferences related to security, such as the 2015 Central European Conference on Cryptography, as well as the 8th Conference on Decision and Game Theory for Security, and the 2020 ICRA Workshop on Security in Robotics. Currently, he is an associate professor at the AAU, teaching courses on algorithms and data structures, theoretical computer science, complexity theory, security, and cryptography.

Stefan Schauer is a researcher in the Center for Digital Safety & Security at the Austrian Institute of Technology (AIT). He studied Computer Science at the University of Klagenfurt and received his PhD in Theoretical Physics, working on Quantum Cryptography and Entanglement Swapping, at the Technical University Vienna. Since 2005, he has been working for the AIT on several projects related to the fields of classical security and risk management, in particular in the context of critical infrastructure protection. Currently, his main research activities focus on novel approaches for risk management and risk assessment using methodologies from the field of game theory. Stefan Schauer has taken his research into practice in the course of several national and international research projects, where the theoretical concepts are evaluated together with critical infrastructure operators and other end users. Further, he coordinated the EU FP7 project "HyRiM - Hybrid Risk Management for Utility Networks", in which a novel risk management approach for utility providers was developed. He is currently involved in the EU H2020 project SAURON, where he looks at methodologies to implement a hybrid situational awareness solution for maritime port infrastructures.

Sandra König is a researcher in the Centre for Digital Safety & Security and the Centre for Dependable Systems Engineering at the Austrian Institute of Technology (AIT). She received her BSc and MSc degrees in mathematics with a focus on Statistics at ETH Zurich and her PhD with distinction in Mathematics at Alpen-Adria University Klagenfurt in 2013. Her research interests range from stochastics, statistics and machine learning to automata and game theory. In several national and international projects, she developed risk models for interdependent networks, such as critical infrastructures, and methods to estimate cascading effects therein. She is a regular contributor to international conferences that focus on security of critical infrastructures, logistics, simulation, and game theory. In 2019, she received a best paper award at the Computing Conference in London. Beyond research, she is a lecturer for mathematics at the university of applied science in Krems, Austria.

Quanyan Zhu received B. Eng. in Honors Electrical Engineering from McGill University in 2006, M. A. Sc. from the University of Toronto in 2008, and Ph.D. from the University of Illinois at Urbana-Champaign (UIUC) in 2013. After stints at Princeton University, he is currently an associate professor at the Department of Electrical and Computer Engineering, New York University (NYU). He is an affiliated faculty member of the Center for Urban Science and Progress (CUSP) at NYU. He is a recipient of many awards, including NSF CAREER Award, NYU Goddard Junior Faculty Fellowship, NSERC Postdoctoral Fellowship (PDF), NSERC Canada Graduate Scholarship (CGS), and Mavis Future Faculty Fellowships. He spearheaded and chaired INFOCOM Workshop on Communications and Control on Smart Energy Systems (CCSES), Midwest Workshop on Control and Game Theory (WCGT), and ICRA workshop on Security and Privacy of Robotics. His current research interests include game theory, machine learning, cyber deception, network optimization and control, Internet of Things, and cyber-physical systems. He has served as the general chair or TPC chair of the 7th Conference on Decision and Game Theory for Security (GameSec) in 2016, the 9th International Conference on NETwork Games, COntrol and OPtimisation (NETGCOOP) in 2018, the 5th International Conference on Artificial Intelligence and Security (ICAIS 2019) in 2019, and 2020 IEEE Workshop on Information Forensics and Security (WIFS). His current research is supported by NSF, DoD, DOE, DHS, DOT, and DARPA.

