Game Theoretic Model of Strategic Honeypot Selection in Computer Networks

A honeypot is a decoy computer system used in network security to waste the time and resources of attackers and to analyze their behavior. While there has been significant research on how to design honeypot systems, less is known about how to use honeypots strategically in network defense. Based on formal deception games, we develop two game-theoretic models that provide insight into how valuable honeypots should look in order to maximize the probability that a rational attacker will attack a honeypot. The first model captures a static situation; the second allows attackers to imperfectly probe some of the systems on the network to determine which ones are likely to be real systems (and not honeypots) before launching an attack. We formally analyze the properties of the optimal strategies in the games and provide linear programs for their computation. Finally, we present the optimal solutions for a set of instances of the games and evaluate their quality in comparison to several baselines.
