A Game Theoretic Investigation of Deception in Network Security

We perform a game theoretic investigation of the effects of deception on the interactions between an attacker and a defender of a computer network. The defender can employ camouflage by either disguising a normal system as a honeypot or by disguising a honeypot as a normal system. We model the interactions between defender and attacker using a signaling game, a non-cooperative two-player dynamic game of incomplete information. For this model, we determine which strategies admit perfect Bayesian equilibria. These equilibria are refined Nash equilibria in which neither the defender nor the attacker will unilaterally choose to deviate from their strategies. We discuss the benefits of employing deceptive equilibrium strategies in the defense of a computer network. Copyright © 2010 John Wiley & Sons, Ltd.
