General-Sum Cyber Deception Games under Partial Attacker Valuation Information

The rapid increase in cybercrime, causing a reported annual economic loss of $600 billion [20], has prompted a critical need for effective cyber defense. Strategic criminals conduct network reconnaissance prior to executing attacks to avoid detection and establish situational awareness via scanning and fingerprinting tools. Cyber deception attempts to foil these reconnaissance efforts by disguising network and system attributes, among several other techniques. The Cyber Deception Game (CDG) is a game-theoretic model for optimizing strategic deception, and it can apply to various deception methods. The recently introduced initial model for CDGs assumes zero-sum payoffs, implying directly conflicting attacker motives, and perfect defender knowledge of attacker preferences. These unrealistic assumptions are fundamental limitations of the initial zero-sum model, which we address by proposing a general-sum model that can also handle uncertainty in the defender's knowledge.

[1] Bo An, et al. Regret-Based Optimization and Preference Elicitation for Stackelberg Security Games with Uncertainty, 2014, AAAI.

[2] Branislav Bosanský, et al. Game Theoretic Model of Strategic Honeypot Selection in Computer Networks, 2012, GameSec.

[3] Milind Tambe, et al. Approximation methods for infinite Bayesian Stackelberg games: modeling distributional payoff uncertainty, 2011, AAMAS.

[4] Yevgeniy Vorobeychik, et al. Optimal Personalized Filtering Against Spear-Phishing Attacks, 2015, AAAI.

[5] Sushil Jajodia, et al. Pareto-Optimal Adversarial Defense of Enterprise Systems, 2015, TSEC.

[6] Branislav Bosanský, et al. Approximate Solutions for Attack Graph Games with Imperfect Information, 2015, GameSec.

[7] Craig Boutilier, et al. Constraint-based optimization and utility elicitation using the minimax decision criterion, 2006, Artif. Intell.

[8] Wei Wang, et al. A Two-Stage Deception Game for Network Defense, 2018, GameSec.

[9] Ehab Al-Shaer, et al. A game-theoretic approach for deceiving Remote Operating System Fingerprinting, 2013, 2013 IEEE Conference on Communications and Network Security (CNS).

[10] Branislav Bosanský, et al. Optimal Network Security Hardening Using Attack Graph Games, 2015, IJCAI.

[11] Srikanth V. Krishnamurthy, et al. Cyber Deception: Virtual Networks to Defend Insider Reconnaissance, 2016, MIST@CCS.

[12] Mina Guirguis, et al. Don't Bury your Head in Warnings: A Game-Theoretic Approach for Intelligent Allocation of Cyber-security Alerts, 2017, IJCAI.

[13] Haifeng Xu, et al. Deceiving Cyber Adversaries: A Game Theoretic Approach, 2018, AAMAS.

[14] A. Haurie, et al. Sequential Stackelberg equilibria in two-person games, 1985.

[15] Patrice Auffret. SinFP, unification of active and passive operating system fingerprinting, 2008, Journal in Computer Virology.

[16] Gordon Fyodor Lyon, et al. Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning, 2009.

[17] D. D. Farias, et al. On constraint sampling in the linear programming approach to approximate linear programming, 2003, CDC.

[18] Sushil Jajodia, et al. AHEAD: A New Architecture for Active Defense, 2016, SafeConfig@CCS.

[19] M Marvel Lisa, et al. CyberVAN: A Cyber Security Virtual Assured Network testbed, 2016.

[20] Vladik Kreinovich, et al. Security games with interval uncertainty, 2013, AAMAS.

[21] Yan Zhu, et al. Disrupting Nation State Hackers, 2016.

[22] Rong Yang, et al. A robust approach to addressing human adversaries in security games, 2012, AAMAS.

[23] Tansu Alpcan, et al. Network Security, 2010.