Learning Generative Deception Strategies in Combinatorial Masking Games

Deception is a crucial tool in the cyberdefence repertoire, enabling defenders to leverage their informational advantage to reduce the likelihood of successful attacks. One way deception can be employed is through obscuring, or masking, some of the information about how systems are configured, increasing the attacker’s uncertainty about their targets. We present a novel game-theoretic model of the resulting defender-attacker interaction, where the defender chooses a subset of attributes to mask, while the attacker responds by choosing an exploit to execute. The strategies of both players have combinatorial structure with complex informational dependencies, and therefore even representing these strategies is not trivial. First, we show that the problem of computing an equilibrium of the resulting zero-sum defender-attacker game can be represented as a linear program with a combinatorial number of system configuration variables and constraints, and develop a constraint generation approach for solving this problem. Next, we present a novel, highly scalable approach for approximately solving such games by representing the strategies of both players as neural networks. The key idea is to represent the defender’s mixed strategy using a deep neural network generator, and then to use an alternating gradient-descent-ascent algorithm, analogous to the training of Generative Adversarial Networks. Our experiments, as well as a case study, demonstrate the efficacy of the proposed approach.
