Game Theory and Digital Forensics
![Page 1: Game Theory and Digital Forensics](https://reader034.vdocument.in/reader034/viewer/2022042717/563db839550346aa9a91b5a1/html5/thumbnails/1.jpg)
Game-Theoretic Approach to Digital Forensics Investigation
Ali Dehghantanha
Senior Lecturer, University Putra Malaysia
A Seminar for UCD on 24th Aug 2012
![Page 2: Game Theory and Digital Forensics](https://reader034.vdocument.in/reader034/viewer/2022042717/563db839550346aa9a91b5a1/html5/thumbnails/2.jpg)
About Me
• Ph.D. and M.Sc. in "Security in Computing"
• CISSP, ISMS L.A., C|EI, E|CSA, C|EH, C|HFI, …
• Relevant research projects:
  - Linear Temporal Formal Privacy Models: my Ph.D.!
  - A Formal Rule-Based Privacy-Respecting Forensics Investigation: invited speech, EC-SPRIDE, Germany.
  - Cyber Warfare Investigation Techniques: Past, Present and Future: keynote, DEIS2012, Czech Republic.
  - And several real-case investigations
![Page 3: Game Theory and Digital Forensics](https://reader034.vdocument.in/reader034/viewer/2022042717/563db839550346aa9a91b5a1/html5/thumbnails/3.jpg)
A Happy Investigator Until…
• Airport X investigation!!
  - Complex
  - Limited resources
  - All sorts of devices that you can think of!!
• How can I deploy my limited resources to maximize investigation efficiency?!!!
![Page 4: Game Theory and Digital Forensics](https://reader034.vdocument.in/reader034/viewer/2022042717/563db839550346aa9a91b5a1/html5/thumbnails/4.jpg)
What is the Main Cause of the Following?!
• Estonia, 27 Apr 2007
• Iran, 01 Jun 2010
• Siberia, 1982
• Brazil, 2007
![Page 5: Game Theory and Digital Forensics](https://reader034.vdocument.in/reader034/viewer/2022042717/563db839550346aa9a91b5a1/html5/thumbnails/5.jpg)
Am I the Only One?!
• Clouds
• Enterprise networks
• Incident handling (IH) in heterogeneous networks
• Nationwide investigations
Limited resources + maximum effectiveness
![Page 6: Game Theory and Digital Forensics](https://reader034.vdocument.in/reader034/viewer/2022042717/563db839550346aa9a91b5a1/html5/thumbnails/6.jpg)
Not Far Investigation Cases?!
![Page 7: Game Theory and Digital Forensics](https://reader034.vdocument.in/reader034/viewer/2022042717/563db839550346aa9a91b5a1/html5/thumbnails/7.jpg)
Game Theory, Are You Kidding?!
"G.T. provides a sound mathematical approach for deploying limited resources to maximize their effectiveness"
• Cyberwar G.T., Penn university
• GUARDS: Game Theoretic Security Allocation on a National Scale, USC
• ARMOR: Assistant for Randomized Monitoring Over Routes, USC
![Page 8: Game Thery and Digital Forensics](https://reader034.vdocument.in/reader034/viewer/2022042717/563db839550346aa9a91b5a1/html5/thumbnails/8.jpg)
What those systems do:
1. Optimize crime monitoring systems
2. Provide best responses to cyberwar
3. Assist in patrolling systems
What a digital forensics game should do:
1. Provide the best possible evidence locations!
2. Provide the best incident response!
3. Maximize resource efficiency in I.H. and digital forensics
![Page 9: Game Thery and Digital Forensics](https://reader034.vdocument.in/reader034/viewer/2022042717/563db839550346aa9a91b5a1/html5/thumbnails/9.jpg)
Elements of our Game!
• A repetitive, continuous-action strategic game between multiple, possibly irrational hackers and multiple investigators, with multiple strategies for both parties!
• It is a leader (hacker) / follower (investigator) game with incomplete information.
• The hackers' payoff is to maximize damage and minimize their tracks, while the investigators' payoff is to contain the incident and find more evidence.
![Page 10: Game Thery and Digital Forensics](https://reader034.vdocument.in/reader034/viewer/2022042717/563db839550346aa9a91b5a1/html5/thumbnails/10.jpg)
Research Stages
1- Non-repetitive, rational hackers with finite actions
2- Rational hackers, finite actions but with learning
3- Irrational hackers, continuous actions
![Page 11: Game Thery and Digital Forensics](https://reader034.vdocument.in/reader034/viewer/2022042717/563db839550346aa9a91b5a1/html5/thumbnails/11.jpg)
Expected Contributions
1. Modeling real-world attack strategies.
2. A solution for efficient investigation and incident handling in heterogeneous networks.
3. Computational algorithms to find exact or approximate equilibria.
4. Formally defining a new area of game theory, known as "Digital Forensics Games".
![Page 12: Game Thery and Digital Forensics](https://reader034.vdocument.in/reader034/viewer/2022042717/563db839550346aa9a91b5a1/html5/thumbnails/12.jpg)
Potential Applications
1. For investigators, as an efficient solution for enterprise investigation!
2. For incident handlers, to find the most probable cause of incidents and the best containment strategies.
3. For security defenders, to find efficient protection solutions that bring them the needed equilibrium.
4. Assisting cyber-warriors in their strategic modeling.
![Page 13: Game Thery and Digital Forensics](https://reader034.vdocument.in/reader034/viewer/2022042717/563db839550346aa9a91b5a1/html5/thumbnails/13.jpg)
More Details of the 1st Stage (limited information + multiple parties + multiple strategies) + (finite actions + non-repetitive + rational)
So:
1. A non-zero-sum Bayesian Stackelberg game!
2. Looking for an exact SSE (Strong Stackelberg Equilibrium) such that "Not Attacking" would be the attacker's best choice for the asset!
3. Based on evidence and finite strategies, finding the current approximate SSE!
4. Advice on the insufficiently protected assets that caused the current SSE!
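A worked version of the stage-1 game, as an added example that is not from the seminar or the speaker's own work. It covers both the "Elements of our Game" slide (two payoff tables, one per side, so the game is non-zero-sum) and the four stage-1 items above: it computes an exact SSE for a toy set of assets, reports the smallest monitoring budget at which "not attacking" becomes the attacker's best choice, and audits a coverage vector inferred from evidence to name the under-protected assets. Two simplifications are assumptions of this example: the investigator is the committing leader and the attacker best-responds (the ARMOR/GUARDS security-game formulation, which is the setting in which item 2's "make not attacking the best choice" is well defined; the "Elements" slide names the hacker as leader instead), and there is a single attacker type rather than the Bayesian distribution over types. The asset names, payoff numbers, the zero-payoff "no attack" outside option and all function names are likewise assumptions for illustration.

```python
"""Stackelberg security game for spreading limited monitoring over assets.

Added example, not from the seminar. The investigator commits to a coverage
vector (probability each asset is monitored); one attacker type observes it
and best-responds, breaking ties in the investigator's favour, which is the
Strong Stackelberg Equilibrium (SSE) convention. All data is constructed.
"""
from dataclasses import dataclass

NO_ATTACK = "no attack"   # attacker's outside option; pays 0 to both sides (assumption)
EPS = 1e-9


@dataclass(frozen=True)
class Asset:
    name: str
    att_uncovered: float  # attacker payoff when hit while unmonitored
    att_covered: float    # attacker payoff when hit while monitored (< att_uncovered)
    def_uncovered: float  # investigator payoff when hit while unmonitored
    def_covered: float    # investigator payoff when hit while monitored (> def_uncovered)


def att_util(asset, cov):
    """Attacker's expected payoff for hitting `asset` monitored with probability `cov`."""
    return cov * asset.att_covered + (1.0 - cov) * asset.att_uncovered


def def_util(asset, cov):
    """Investigator's expected payoff when `asset` is hit at monitoring level `cov`."""
    return cov * asset.def_covered + (1.0 - cov) * asset.def_uncovered


def coverage_to_cap(assets, cap):
    """Least coverage per asset so that none pays the attacker more than `cap`.
    None if some asset pays more than `cap` even when always monitored."""
    cov = {}
    for a in assets:
        if a.att_uncovered <= cap:
            cov[a.name] = 0.0
        elif a.att_covered > cap:
            return None
        else:
            cov[a.name] = (a.att_uncovered - cap) / (a.att_uncovered - a.att_covered)
    return cov


def induce(assets, k, target):
    """Coverage vector with total <= k that makes `target` an attacker best
    response while monitoring it as heavily as possible; None if impossible."""
    if target == NO_ATTACK:
        cov = coverage_to_cap(assets, 0.0)
        return cov if cov is not None and sum(cov.values()) <= k + EPS else None
    others = [a for a in assets if a.name != target.name]

    def plan(c):  # full coverage vector if hitting `target` at level c is a best response
        cap = att_util(target, c)
        if cap < 0.0:                     # attacker would rather not attack at all
            return None
        rest = coverage_to_cap(others, cap)
        if rest is None or c + sum(rest.values()) > k + EPS:
            return None
        rest[target.name] = c
        return rest

    if plan(0.0) is None:
        return None
    lo, hi = 0.0, min(1.0, k)   # feasibility is monotone in c: bisect for the largest feasible c
    for _ in range(100):
        mid = (lo + hi) / 2.0
        if plan(mid) is None:
            hi = mid
        else:
            lo = mid
    return plan(lo)


def strong_stackelberg_equilibrium(assets, k):
    """Try every attacker pure response, find the investigator's best commitment
    that induces it, keep the best (the enumerate-each-response method, with a
    bisection in place of each linear program)."""
    best = None
    for target in [NO_ATTACK] + list(assets):
        cov = induce(assets, k, target)
        if cov is None:
            continue
        if target == NO_ATTACK:
            name, value = NO_ATTACK, 0.0
        else:
            name, value = target.name, def_util(target, cov[target.name])
        if best is None or value > best["value"] + EPS:
            best = {"attacker_choice": name, "value": value, "coverage": cov}
    return best


def resources_to_deter(assets):
    """Smallest total coverage at which 'no attack' is the attacker's best response."""
    cov = coverage_to_cap(assets, 0.0)
    return None if cov is None else sum(cov.values())


def audit(assets, current_cov):
    """For coverage inferred from evidence: the attacker's best response and every
    asset that still pays the attacker more than not attacking."""
    utils = {a.name: att_util(a, current_cov.get(a.name, 0.0)) for a in assets}
    exposed = sorted(((n, u) for n, u in utils.items() if u > 0.0), key=lambda x: -x[1])
    return {"attacker_choice": exposed[0][0] if exposed else NO_ATTACK,
            "under_protected": exposed}


# Constructed airport-style assets; the numbers are illustrative, not from any real case.
ASSETS = [
    Asset("passenger-db", 10, -4, -10, -2),
    Asset("baggage-scada", 6, -2, -6, -1),
    Asset("wifi-kiosk", 3, -1, -3, -1),
]

if __name__ == "__main__":
    print("SSE with one unit of monitoring:", strong_stackelberg_equilibrium(ASSETS, 1.0))
    print("monitoring needed to deter any attack:", resources_to_deter(ASSETS))
    print("audit of evidence-based coverage:",
          audit(ASSETS, {"passenger-db": 0.9, "baggage-scada": 0.1}))
```

With one unit of monitoring the equilibrium spreads it as 0.52 / 0.41 / 0.07 across the three assets, leaving the attacker indifferent between all of them at a payoff of 2.72; the SSE tie-break then sends the attack to the asset that hurts the investigator least. Deterrence (item 2) needs about 2.21 units, so with a budget of 2.5 the SSE is "no attack". The audit shows why an evidence-based allocation that piles 0.9 onto the database is wrong: the attacker's best response is the SCADA segment, and both it and the kiosk remain profitable targets.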
![Page 14: Game Thery and Digital Forensics](https://reader034.vdocument.in/reader034/viewer/2022042717/563db839550346aa9a91b5a1/html5/thumbnails/14.jpg)
Thanks!
And Sun Tzu old rules still working!! One who knows the enemy and knows himself
will not be endangered in a hundred engagements
One who knows neither the enemy nor himself will invariably be defeated in every engagement
One who does not know the enemy but knows himself will sometimes be victorious
Ali Dehghantanha