Phishing for Phools in the Internet of Things: Modeling One-to-Many Deception using Poisson Signaling Games

Strategic interactions ranging from politics and pharmaceuticals to e-commerce and social networks support equilibria in which agents with private information manipulate others who are vulnerable to deception. Especially in cyberspace and the Internet of Things, deception is difficult to detect and trust is complicated to establish. For this reason, effective policy-making, profitable entrepreneurship, and optimal technological design demand quantitative models of deception. In this paper, we use game theory to model one-to-many deception specifically. We combine a signaling game with a model called a Poisson game. The resulting Poisson signaling game extends traditional signaling games to include 1) exogenous evidence of deception, 2) an unknown number of receivers, and 3) receivers of multiple types. We find closed-form equilibrium solutions for a subset of Poisson signaling games, and characterize the rates of deception that they support. We show that receivers with higher abilities to detect deception can use crowd-defense tactics to mitigate deception for receivers with lower abilities to detect deception. Finally, we discuss how Poisson signaling games could be used to defend against the process by which the Mirai botnet recruits IoT devices in preparation for a distributed denial-of-service attack.
