ABSTRACT
Cyber deception techniques are crucial to protecting networks in battlefield settings and combating malicious cyber attacks. Cyber deception can effectively disrupt the outcome of an adversary's surveillance process. In this paper, we propose a novel approach to cyber deception that protects important nodes and traps the adversary. We present a sequential approach to honeypot placement that defends the network's vital nodes. We formulate a stochastic game to study the dynamic interactions between the network administrator and the attacker. The defender makes strategic decisions about where to place honeypots, which introduce new (decoy) vulnerabilities into the network. The attacker's goal is to develop an attack strategy that compromises the nodes of the network by exploiting a set of known vulnerabilities. To obtain a practical threat model, we assume that the attacker can only observe a noisy version of the network state. Consequently, both players solve a partially observable stochastic game (POSG). Finally, we discuss existing techniques for solving the formulated game and possible approaches to reducing its complexity, as part of our ongoing and future research.
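As an added illustration, not code from the paper (whose game is multi-stage and defined over the network's attack graph), the following toy one-shot stage game shows the mechanism the abstract relies on: the defender mixes over where to put a single honeypot, the attacker only sees a noisy scan result, updates a Bayesian belief about where the honeypot is, and attacks the node with the highest expected payoff; the defender's loss is then evaluated against that best response. The three-node network, the node values, the trap penalty and the observation-noise model are all constructed assumptions chosen for the example.

```python
"""Toy one-shot honeypot placement game with a noisy attacker observation.

Constructed example; the network, values, trap cost and noise model are
assumptions, not the model of the paper this page describes.
"""
from itertools import product

# Assumed network: node -> value to the attacker if it is compromised.
VALUES = {"db": 10.0, "web": 4.0, "mail": 2.0}
NODES = list(VALUES)
TRAP_COST = 5.0  # assumed penalty to the attacker for hitting the honeypot


def obs_likelihood(obs, state, eps):
    """P(scan flags `obs` as the honeypot | honeypot really is at `state`).

    Assumed noise model: the scan reports the true location with probability
    1 - eps and one of the other nodes uniformly otherwise, 0 < eps < 1.
    """
    if obs == state:
        return 1.0 - eps
    return eps / (len(NODES) - 1)


def belief(placement, obs, eps):
    """Bayesian posterior over the honeypot location given the scan result."""
    joint = {s: placement[s] * obs_likelihood(obs, s, eps) for s in NODES}
    z = sum(joint.values())
    if z == 0.0:
        raise ValueError("observation impossible under this placement")
    return {s: joint[s] / z for s in NODES}


def attacker_payoff(target, state):
    """Attacker gains the node's value, or is trapped if it hit the honeypot."""
    return -TRAP_COST if target == state else VALUES[target]


def best_response(placement, obs, eps):
    """Attacker's target that maximises expected payoff under the posterior."""
    b = belief(placement, obs, eps)

    def expected(v):
        return sum(b[s] * attacker_payoff(v, s) for s in NODES)

    return max(NODES, key=expected)


def defender_loss(placement, eps):
    """Expected value handed to the attacker (zero-sum: the defender's loss).

    Averages over the true honeypot location (defender's mixed placement) and
    over the noisy scan result the attacker bases its best response on.
    """
    total = 0.0
    for state in NODES:
        for obs in NODES:
            pr = placement[state] * obs_likelihood(obs, state, eps)
            if pr == 0.0:
                continue
            target = best_response(placement, obs, eps)
            total += pr * attacker_payoff(target, state)
    return total


def best_placement(eps, step=0.1):
    """Grid search over mixed placements; returns (placement, loss)."""
    k = round(1 / step)
    best = None
    for counts in product(range(k + 1), repeat=len(NODES) - 1):
        if sum(counts) > k:
            continue
        last = k - sum(counts)
        placement = dict(zip(NODES, [c / k for c in counts] + [last / k]))
        loss = defender_loss(placement, eps)
        if best is None or loss < best[1]:
            best = (placement, loss)
    return best


if __name__ == "__main__":
    pure_db = {"db": 1.0, "web": 0.0, "mail": 0.0}
    uniform = {n: 1 / 3 for n in NODES}
    for eps in (0.1, 0.5):
        print(f"eps={eps}: pure db {defender_loss(pure_db, eps):.2f}, "
              f"uniform {defender_loss(uniform, eps):.2f}, "
              f"grid best {best_placement(eps)}")
```

Running it shows the point the abstract makes about observability: with a low-noise scan (eps = 0.1) a honeypot always placed on `db` costs the defender 4.0 per round because the attacker reliably recognises the decoy and settles for `web`, while uniform mixing costs 7.35 because the attacker walks into the unprotected `db` most of the time; raising the noise level shifts the balance, since the attacker is trapped more often. In the paper's setting the same belief update and best-response computation would be carried over many rounds and over the full attack graph, which is what makes the POSG expensive to solve.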
Index Terms
- A game-theoretic framework for dynamic cyber deception in internet of battlefield things