Game Theoretic Cyber Deception to Foil Adversarial Network Reconnaissance

Cyber adversaries are known to complete network attacks after lengthy reconnaissance phases in which they map out the vulnerabilities present inside an enterprise network to find the best route of compromise. Using deceptive responses to alter the perceived configurations (system characteristics) of hosts observed during reconnaissance gives the network administrator the ability to increase the uncertainty faced by an adversary attempting to compromise the network. We introduce a novel game-theoretic model of deceptive interactions of this kind between a defender and a cyber attacker, which we call the Cyber Deception Game. This work considers both a powerful (rational) attacker, who is aware of the deception and has substantial information about the defender's deception strategy, and a naive attacker, who is not aware of the deception and has fixed preferences over the observed network hosts. We show that computing the optimal deception strategy for the network administrator is NP-hard for both types of attackers. For the case with a powerful attacker, we provide two solution techniques that use mixed-integer linear programming, a reformulation method and a bisection algorithm, as well as a fast and effective greedy algorithm. Similarly, we provide complexity results and propose exact and heuristic approaches when the attacker is naive. Our extensive experimental analysis demonstrates the effectiveness of our approaches.
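To make the naive-attacker setting concrete, here is an added toy instance of a deception game of this kind. It is illustrative code written for this page, not the paper's model, solver or data: the formalisation (each host has a true configuration and a loss value, can be made to present one of a few observable configurations at a masking cost, the defender has a budget, and the naive attacker always probes the host whose observed configuration scores highest under fixed preferences) and every host, configuration, cost and score below are constructed assumptions. An exhaustive search over all feasible assignments gives the optimum on this tiny network (the paper shows the general problem is NP-hard), and a single-change greedy heuristic is shown beside it for comparison.

```python
"""Toy cyber deception game with a naive attacker (added example, constructed data)."""
from itertools import product

# Constructed sample network: host -> (true configuration, defender loss if compromised)
HOSTS = {
    "db":   ("linux-postgres", 10),
    "web":  ("linux-apache", 4),
    "work": ("windows-desktop", 2),
}

# Observable configurations each host may present, with the cost of presenting
# it (0 = its true configuration, no deception needed). Constructed values.
OBSERVABLE = {
    "db":   {"linux-postgres": 0, "windows-desktop": 2, "printer": 3},
    "web":  {"linux-apache": 0, "windows-desktop": 1, "printer": 2},
    "work": {"windows-desktop": 0, "linux-postgres": 2},
}

# Naive attacker's fixed preference score for each observed configuration (constructed).
PREFERENCE = {"linux-postgres": 5, "linux-apache": 3, "windows-desktop": 2, "printer": 0}


def naive_attack_target(assignment):
    """Host the naive attacker probes: highest-scoring observed configuration,
    ties broken by host name (an assumption of this toy)."""
    return min(assignment, key=lambda h: (-PREFERENCE[assignment[h]], h))


def defender_loss(assignment):
    """Loss the defender suffers when the naive attacker picks its target."""
    return HOSTS[naive_attack_target(assignment)][1]


def cost(assignment):
    """Total masking cost of presenting the given observed configurations."""
    return sum(OBSERVABLE[h][oc] for h, oc in assignment.items())


def optimal_deception(budget):
    """Exhaustive search over every feasible assignment; returns (loss, assignment).
    Fine for three hosts, but the search space grows exponentially with the network."""
    hosts = list(HOSTS)
    best = None
    for choice in product(*(OBSERVABLE[h] for h in hosts)):
        assignment = dict(zip(hosts, choice))
        if cost(assignment) > budget:
            continue
        loss = defender_loss(assignment)
        if best is None or loss < best[0]:
            best = (loss, assignment)
    return best


def greedy_deception(budget):
    """Greedy heuristic: start from the true configurations and repeatedly apply
    the single-host change that yields the lowest loss (cheapest on ties) while
    staying within budget; stop when no change improves the loss."""
    assignment = {h: HOSTS[h][0] for h in HOSTS}
    while True:
        current = defender_loss(assignment)
        best = None
        for h in HOSTS:
            for oc in OBSERVABLE[h]:
                if oc == assignment[h]:
                    continue
                trial = {**assignment, h: oc}
                if cost(trial) > budget:
                    continue
                key = (defender_loss(trial), cost(trial))
                if best is None or key < best[0]:
                    best = (key, trial)
        if best is None or best[0][0] >= current:
            return current, assignment
        assignment = best[1]


if __name__ == "__main__":
    for budget in (0, 2, 4):
        print(budget, optimal_deception(budget), greedy_deception(budget))
```

With no budget the attacker goes straight for the database (loss 10); with a budget of 2 the database can be masked as a workstation so the web server draws the probe (loss 4); with a budget of 4 the optimum also dresses the workstation up as the database, diverting the attacker to the least valuable host (loss 2). On this instance the greedy heuristic reaches the same values, but in general it need not, which is why the exact and heuristic approaches are studied separately.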
