Foureye: Defensive Deception based on Hypergame Theory Against Advanced Persistent Threats

Defensive deception techniques have emerged as a promising proactive defense mechanism to mislead an attacker and thereby achieve attack failure. However, most game-theoretic defensive deception approaches have assumed that players maintain consistent views under uncertainty. They do not consider the subjective beliefs that players may form due to the asymmetric information given to them. In this work, we formulate a hypergame between an attacker and a defender in which the two can interpret the same game differently and accordingly choose their best strategy based on their respective beliefs. This gives defensive deception strategies a chance to manipulate the attacker’s belief, which is the key to the attacker’s decision making. We consider advanced persistent threat (APT) attacks, which perform multiple attacks across the stages of the cyber kill chain, where both the attacker and the defender aim to select optimal strategies based on their beliefs. Through extensive simulation experiments, we demonstrated how effectively the defender can leverage defensive deception techniques while dealing with multi-staged APT attacks in a hypergame in which the imperfect information is reflected based on perceived uncertainty, cost, and expected utilities of both attacker and defender, the system lifetime (i.e., mean time to security failure), and improved false positive rates in detecting attackers.
