Anti-Honeypot Enabled Optimal Attack Strategy for Industrial Cyber-Physical Systems

Honeypots have been widely used in the security community to understand the cyber threat landscape, for example to study unauthorized penetration attempts targeting industrial cyber-physical systems (ICPS) and to observe the behaviors in such activities. However, some better-resourced cyber attackers may attempt to identify honeypots and develop strategies to compromise them, a practice known as anti-honeypot. In this paper, we present an anti-honeypot enabled optimal attack strategy for ICPS by employing a novel game-theoretical approach. Specifically, the interactions between the attacker and the ICPS defender are captured with a proposed hybrid signaling and repeated game, i.e., a non-cooperative two-player one-shot game with incomplete information. By taking into account both the various possible defenses of an ICPS and the diverse offensive acts of attackers, a Nash equilibrium is derived, which exhibits an optimal attack strategy for attackers with varying technical sophistication. Extensive simulation experiments on multiple test cases demonstrate that the derived strategy offers the attackers an optimal tactic to compromise the target ICPS protected by honeypots, while having only incomplete knowledge of the defensive mechanisms.
