Prospect Theoretic Study of Honeypot Defense Against Advanced Persistent Threats in Power Grid

As one of the most critical infrastructures, the power grid is increasingly threatened by network attacks, especially advanced persistent threats (APTs). An APT in the power grid is a continual and stealthy attack that analyzes the interaction between the cyber layer and the physical layer. Existing models of the offensive and defensive processes for power grids that use honeypots against APTs are based on full rationality: both the attacker and the defender are assumed to make decisions that maximize their payoffs. However, fully rational decisions by end-users do not always match real cases, and prospect theory is a typical boundedly rational method for modeling these deviations. In this study, we propose a subjective APT-honeypot game model, based on prospect theory, to study the offensive and defensive interactions between the attacker and the defender. In this model, we protect the power grid bus nodes by deploying honeypots, considering both low- and high-interaction honeypot modes. We prove the existence of Bayesian-Nash equilibrium strategies for defense and attack under bounded rationality. In addition, we use the IEEE-30 Bus system to verify the proposed model. Experimental results show that bounded rationality affects strategy selection and reduces the attacker's payoffs.
