Guaranteed Trade-Offs in Dynamic Information Flow Tracking Games

We consider security risks in the form of advanced persistent threats (APTs) and their detection using dynamic information flow tracking (DIFT). We model the tracking and the detection as a stochastic game between the attacker and the defender. Compared to the state of the art, our approach applies to a wider set of scenarios with arbitrary (not only acyclic) information-flow structure. Moreover, multidimensional rewards allow us to formulate and answer questions related to trade-offs between resource efficiency of the tracking and efficacy of the detection. Finally, our algorithm provides results with probably approximately correct (PAC) guarantees, in contrast to previous (possibly arbitrarily imprecise) learning-based approaches.