Honeypot Allocation Games over Attack Graphs for Cyber Deception

In this chapter, we introduce a cyber deception defense approach and propose a scalable allocation algorithm to place honeypots over an attack graph. We formulate a two‐person zero‐sum strategic game between the network defender and an attacker. The game model captures the network topology and its characteristics, and it accounts for both the cost of the defense action and the cost of the attack. Nash equilibrium defense strategies are analytically characterized and studied for a special game. The complexity of the general game is discussed, and a scalable algorithm is proposed to overcome it. The chapter then extends the model to a dynamic game formulation to better understand how the game evolves with the players' actions. Finally, numerical results are presented to illustrate the effectiveness of the proposed cyber deception approach.
