{"id":"https://openalex.org/W2912262279","doi":"https://doi.org/10.1109/cdc.2018.8619416","title":"DIFT Games: Dynamic Information Flow Tracking Games for Advanced Persistent Threats","display_name":"DIFT Games: Dynamic Information Flow Tracking Games for Advanced Persistent Threats","publication_year":2018,"publication_date":"2018-12-01","ids":{"openalex":"https://openalex.org/W2912262279","doi":"https://doi.org/10.1109/cdc.2018.8619416","mag":"2912262279"},"language":"en","primary_location":{"id":"doi:10.1109/cdc.2018.8619416","is_oa":false,"landing_page_url":"https://doi.org/10.1109/cdc.2018.8619416","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2018 IEEE Conference on Decision and Control (CDC)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5033433868","display_name":"Dinuka Sahabandu","orcid":"https://orcid.org/0000-0001-7776-7865"},"institutions":[{"id":"https://openalex.org/I201448701","display_name":"University of Washington","ror":"https://ror.org/00cvxb145","country_code":"US","type":"education","lineage":["https://openalex.org/I201448701"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Dinuka Sahabandu","raw_affiliation_strings":["Department of Electrical Engineering, University of Washington, Seattle, WA, USA"],"affiliations":[{"raw_affiliation_string":"Department of Electrical Engineering, University of Washington, Seattle, WA, USA","institution_ids":["https://openalex.org/I201448701"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5041353829","display_name":"Baicen Xiao","orcid":null},"institutions":[{"id":"https://openalex.org/I201448701","display_name":"University of Washington","ror":"https://ror.org/00cvxb145","country_code":"US","type":"education","lineage":["https://openalex.org/I201448701"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Baicen Xiao","raw_affiliation_strings":["Department of Electrical Engineering, University of Washington, Seattle, WA, USA"],"affiliations":[{"raw_affiliation_string":"Department of Electrical Engineering, University of Washington, Seattle, WA, USA","institution_ids":["https://openalex.org/I201448701"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5004774385","display_name":"Andrew Clark","orcid":"https://orcid.org/0000-0002-5868-6186"},"institutions":[{"id":"https://openalex.org/I107077323","display_name":"Worcester Polytechnic Institute","ror":"https://ror.org/05ejpqr48","country_code":"US","type":"education","lineage":["https://openalex.org/I107077323"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Andrew Clark","raw_affiliation_strings":["Department of Electrical and Computer Engineering, Worcester Polytechnic Institute, Worcester, MA, USA"],"affiliations":[{"raw_affiliation_string":"Department of Electrical and Computer Engineering, Worcester Polytechnic Institute, Worcester, MA, USA","institution_ids":["https://openalex.org/I107077323"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100330717","display_name":"Sang-Ho Lee","orcid":"https://orcid.org/0000-0002-8445-6691"},"institutions":[{"id":"https://openalex.org/I130701444","display_name":"Georgia Institute of Technology","ror":"https://ror.org/01zkghx44","country_code":"US","type":"education","lineage":["https://openalex.org/I130701444"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Sangho Lee","raw_affiliation_strings":["College of Computing, Georgia Institute of Technology, Atlanta, GA, USA"],"affiliations":[{"raw_affiliation_string":"College of Computing, Georgia Institute of Technology, Atlanta, GA, USA","institution_ids":["https://openalex.org/I130701444"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5047140382","display_name":"Wenke Lee","orcid":"https://orcid.org/0000-0003-2761-1277"},"institutions":[{"id":"https://openalex.org/I130701444","display_name":"Georgia Institute of Technology","ror":"https://ror.org/01zkghx44","country_code":"US","type":"education","lineage":["https://openalex.org/I130701444"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Wenke Lee","raw_affiliation_strings":["College of Computing, Georgia Institute of Technology, Atlanta, GA, USA"],"affiliations":[{"raw_affiliation_string":"College of Computing, Georgia Institute of Technology, Atlanta, GA, USA","institution_ids":["https://openalex.org/I130701444"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5079723268","display_name":"Radha Poovendran","orcid":"https://orcid.org/0000-0003-0269-8097"},"institutions":[{"id":"https://openalex.org/I201448701","display_name":"University of Washington","ror":"https://ror.org/00cvxb145","country_code":"US","type":"education","lineage":["https://openalex.org/I201448701"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Radha Poovendran","raw_affiliation_strings":["Department of Electrical Engineering, University of Washington, Seattle, WA, USA"],"affiliations":[{"raw_affiliation_string":"Department of Electrical Engineering, University of Washington, Seattle, WA, USA","institution_ids":["https://openalex.org/I201448701"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":6,"corresponding_author_ids":["https://openalex.org/A5033433868"],"corresponding_institution_ids":["https://openalex.org/I201448701"],"apc_list":null,"apc_paid":null,"fwci":2.768,"has_fulltext":false,"cited_by_count":21,"citation_normalized_percentile":{"value":0.91485536,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":89,"max":99},"biblio":{"volume":null,"issue":null,"first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10917","display_name":"Smart Grid Security and Resilience","score":0.9958000183105469,"subfield":{"id":"https://openalex.org/subfields/2207","display_name":"Control and Systems Engineering"},"field":{"id":"https://openalex.org/fields/22","display_name":"Engineering"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/adversary","display_name":"Adversary","score":0.839979887008667},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8136539459228516},{"id":"https://openalex.org/keywords/adversarial-system","display_name":"Adversarial system","score":0.7457867860794067},{"id":"https://openalex.org/keywords/overhead","display_name":"Overhead (engineering)","score":0.6723718047142029},{"id":"https://openalex.org/keywords/information-flow","display_name":"Information flow","score":0.6672895550727844},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.606622040271759},{"id":"https://openalex.org/keywords/process","display_name":"Process (computing)","score":0.5375786423683167},{"id":"https://openalex.org/keywords/distributed-computing","display_name":"Distributed computing","score":0.534821093082428},{"id":"https://openalex.org/keywords/adversary-model","display_name":"Adversary model","score":0.4819355010986328},{"id":"https://openalex.org/keywords/information-warfare","display_name":"Information warfare","score":0.44186609983444214},{"id":"https://openalex.org/keywords/flow","display_name":"Flow (mathematics)","score":0.4235961139202118},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.27056264877319336}],"concepts":[{"id":"https://openalex.org/C41065033","wikidata":"https://www.wikidata.org/wiki/Q2825412","display_name":"Adversary","level":2,"score":0.839979887008667},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8136539459228516},{"id":"https://openalex.org/C37736160","wikidata":"https://www.wikidata.org/wiki/Q1801315","display_name":"Adversarial system","level":2,"score":0.7457867860794067},{"id":"https://openalex.org/C2779960059","wikidata":"https://www.wikidata.org/wiki/Q7113681","display_name":"Overhead (engineering)","level":2,"score":0.6723718047142029},{"id":"https://openalex.org/C2779136372","wikidata":"https://www.wikidata.org/wiki/Q10283002","display_name":"Information flow","level":2,"score":0.6672895550727844},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.606622040271759},{"id":"https://openalex.org/C98045186","wikidata":"https://www.wikidata.org/wiki/Q205663","display_name":"Process (computing)","level":2,"score":0.5375786423683167},{"id":"https://openalex.org/C120314980","wikidata":"https://www.wikidata.org/wiki/Q180634","display_name":"Distributed computing","level":1,"score":0.534821093082428},{"id":"https://openalex.org/C7606001","wikidata":"https://www.wikidata.org/wiki/Q4686702","display_name":"Adversary model","level":3,"score":0.4819355010986328},{"id":"https://openalex.org/C2781349506","wikidata":"https://www.wikidata.org/wiki/Q911036","display_name":"Information warfare","level":2,"score":0.44186609983444214},{"id":"https://openalex.org/C38349280","wikidata":"https://www.wikidata.org/wiki/Q1434290","display_name":"Flow (mathematics)","level":2,"score":0.4235961139202118},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.27056264877319336},{"id":"https://openalex.org/C2524010","wikidata":"https://www.wikidata.org/wiki/Q8087","display_name":"Geometry","level":1,"score":0.0},{"id":"https://openalex.org/C138885662","wikidata":"https://www.wikidata.org/wiki/Q5891","display_name":"Philosophy","level":0,"score":0.0},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.0},{"id":"https://openalex.org/C41895202","wikidata":"https://www.wikidata.org/wiki/Q8162","display_name":"Linguistics","level":1,"score":0.0},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/cdc.2018.8619416","is_oa":false,"landing_page_url":"https://doi.org/10.1109/cdc.2018.8619416","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2018 IEEE Conference on Decision and Control (CDC)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"score":0.6600000262260437,"display_name":"Peace, Justice and strong institutions","id":"https://metadata.un.org/sdg/16"}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":14,"referenced_works":["https://openalex.org/W1506923107","https://openalex.org/W1533945010","https://openalex.org/W1963971515","https://openalex.org/W2015787697","https://openalex.org/W2060692877","https://openalex.org/W2067064328","https://openalex.org/W2069038223","https://openalex.org/W2100666033","https://openalex.org/W2126879264","https://openalex.org/W2292282511","https://openalex.org/W2766852928","https://openalex.org/W2790316935","https://openalex.org/W3102219781","https://openalex.org/W4252481514"],"related_works":["https://openalex.org/W2522301850","https://openalex.org/W123872086","https://openalex.org/W1583236736","https://openalex.org/W3112099530","https://openalex.org/W4248052496","https://openalex.org/W4251088474","https://openalex.org/W317122954","https://openalex.org/W4362599004","https://openalex.org/W1550213001","https://openalex.org/W2909254089"],"abstract_inverted_index":{"Dynamic":[0],"Information":[1],"Flow":[2],"Tracking":[3],"(DIFT)":[4],"has":[5],"been":[6],"proposed":[7],"to":[8,40,150],"detect":[9],"stealthy":[10],"and":[11,22,30,71,83,121,123,157,174],"persistent":[12],"cyber":[13],"attacks":[14],"that":[15,65,78],"evade":[16],"existing":[17],"defenses":[18],"such":[19],"as":[20,160,162],"firewalls":[21],"signature-based":[23],"antivirus":[24],"systems.":[25],"A":[26],"DIFT":[27,70],"defense":[28,120,158],"taints":[29],"tracks":[31],"suspicious":[32],"information":[33,54,73,109,167],"flows":[34,168],"across":[35],"the":[36,45,61,67,76,79,84,88,108,114,119,129,142,154,163,170],"network":[37],"in":[38,98],"order":[39],"identify":[41],"possible":[42],"attacks,":[43],"at":[44],"cost":[46],"of":[47,87,94,165],"additional":[48],"memory":[49],"overhead":[50,86],"for":[51,117,127],"tracking":[52],"non-adversarial":[53],"flows.":[55],"In":[56],"this":[57],"paper,":[58],"we":[59],"present":[60],"first":[62],"analytical":[63,91],"model":[64,92],"describes":[66],"interaction":[68,171],"between":[69,172],"adversarial":[72],"flows,":[74],"including":[75],"probability":[77],"adversary":[80,156,173],"evades":[81],"detection":[82],"performance":[85],"defense.":[89,175],"Our":[90,131],"consists":[93],"a":[95,103,136],"multi-stage":[96],"game,":[97],"which":[99,107],"each":[100],"stage":[101],"represents":[102],"system":[104],"process":[105],"through":[106],"flow":[110],"passes.":[111],"We":[112],"characterize":[113],"optimal":[115,155],"strategies":[116],"both":[118],"adversary,":[122],"derive":[124],"efficient":[125],"algorithms":[126],"computing":[128],"strategies.":[130],"results":[132],"are":[133],"evaluated":[134],"on":[135,153,169],"realworld":[137],"attack":[138],"dataset":[139],"obtained":[140],"using":[141],"Refinable":[143],"Attack":[144],"Investigation":[145],"(RAIN)":[146],"framework,":[147],"enabling":[148],"us":[149],"draw":[151],"conclusions":[152],"strategies,":[159],"well":[161],"effect":[164],"valid":[166]},"counts_by_year":[{"year":2024,"cited_by_count":2},{"year":2023,"cited_by_count":1},{"year":2022,"cited_by_count":3},{"year":2021,"cited_by_count":2},{"year":2020,"cited_by_count":5},{"year":2019,"cited_by_count":6},{"year":2018,"cited_by_count":2}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}