Cyber Camouflage Games for Strategic Deception

The rapid increase in cybercrime, causing a reported annual economic loss of $600 billion (Lewis 2018), has prompted a critical need for effective cyber defense. Strategic criminals conduct network reconnaissance prior to executing attacks to avoid detection and establish situational awareness via scanning and fingerprinting tools. Cyber deception attempts to foil these reconnaissance efforts by camouflaging network and system attributes to disguise valuable information. Game-theoretic models can identify decisions about strategically deceiving attackers, subject to domain constraints. A key challenge in effectively deploying an optimal deceptive strategy is modeling the objectives and abilities of the attackers. To address this challenge, we present Cyber Camouflage Games (CCG), a general-sum game model that captures attackers who can be diversely equipped and motivated. We show that computing the optimal defender strategy is NP-hard even in the special case of unconstrained CCGs, and present an efficient approximate solution for it. We further provide an MILP formulation accelerated with cut-augmentation for the general constrained problem. Finally, we provide experimental evidence that our solution methods are efficient and effective.
