Deceiving Cyber Adversaries: A Game Theoretic Approach

An important way cyber adversaries find vulnerabilities in modern networks is through reconnaissance, in which they attempt to identify configuration specifics of network hosts. To increase uncertainty of adversarial reconnaissance, the network administrator (henceforth, defender) can introduce deception into responses to network scans, such as obscuring certain system characteristics. We introduce a novel game theoretic model of deceptive interactions of this kind between a defender and a cyber attacker, which we call the Cyber Deception Game. We consider both a powerful (rational) attacker, who is aware of the defender's exact deception strategy, and a naive attacker who is not. We show that computing the optimal deception strategy is NP-hard for both types of attackers. For the case with a powerful attacker, we provide a mixed-integer linear program solution as well as a fast and effective greedy algorithm. Similarly, we provide complexity results and propose exact and heuristic approaches when the attacker is naive. Our extensive experimental analysis demonstrates the effectiveness of our approaches.
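The abstract describes the defender choosing which configuration each host displays to a scan, and two attacker types: a naive one who trusts the displayed configuration and a powerful one who knows the defender's strategy but cannot tell apart hosts that display the same configuration. The following Python script is an added illustration written for this page; it is not the paper's model, data, MILP or greedy algorithm. It assumes a toy instance (three configurations with nominal attacker values, five hosts), a deception budget expressed as the number of hosts whose displayed configuration may differ from the true one, and a defender objective equal to the expected true value of the host the attacker ends up compromising. It computes the defender's loss against both attacker types, applies a simple greedy re-labeling heuristic, and checks it against brute-force enumeration. On this instance the greedy choice is optimal against the powerful attacker but not against the naive one, which shows why the heuristic and exact approaches are worth comparing.

```python
from collections import defaultdict
from itertools import combinations, product

# Constructed toy instance (assumption for this example, not the paper's data):
# nominal value an attacker assigns to compromising a host of each configuration.
VALUE = {"linux-db": 10, "linux-web": 5, "win-ws": 2}
# host -> true configuration
TRUE_CONFIG = {"h1": "linux-db", "h2": "linux-db",
               "h3": "win-ws", "h4": "win-ws", "h5": "linux-web"}
CONFIGS = sorted(VALUE)


def observed_groups(policy):
    """Group hosts by the configuration the scan response displays for them."""
    groups = defaultdict(list)
    for host, shown in policy.items():
        groups[shown].append(host)
    return groups


def true_mean(hosts):
    """Expected true value of a host drawn uniformly from `hosts`."""
    return sum(VALUE[TRUE_CONFIG[h]] for h in hosts) / len(hosts)


def naive_loss(policy):
    """Naive attacker believes the scan: it attacks a host drawn uniformly from
    the group whose *displayed* configuration has the highest nominal value."""
    groups = observed_groups(policy)
    target = max(groups, key=lambda cfg: VALUE[cfg])
    return true_mean(groups[target])


def powerful_loss(policy):
    """Powerful attacker knows the policy: for each displayed configuration it
    knows which hosts (hence which true values) sit behind it, but cannot tell
    those hosts apart, so it attacks the group with the highest expected value."""
    groups = observed_groups(policy)
    return max(true_mean(hosts) for hosts in groups.values())


def masked(policy):
    """Hosts whose displayed configuration differs from the true one."""
    return [h for h in policy if policy[h] != TRUE_CONFIG[h]]


def greedy(loss, budget):
    """Greedy heuristic (this example's own, not the paper's): repeatedly apply
    the single re-labeling that lowers the loss the most, until the budget is
    spent or no re-labeling strictly helps. Returns (policy, loss)."""
    policy = dict(TRUE_CONFIG)
    while len(masked(policy)) < budget:
        best, best_loss = None, loss(policy)
        for host in sorted(policy):
            if policy[host] != TRUE_CONFIG[host]:
                continue  # already masked; budget counts each host once
            for cfg in CONFIGS:
                if cfg == TRUE_CONFIG[host]:
                    continue
                trial = dict(policy, **{host: cfg})
                trial_loss = loss(trial)
                if trial_loss < best_loss:
                    best, best_loss = trial, trial_loss
        if best is None:
            break
        policy = best
    return policy, loss(policy)


def brute_force(loss, budget):
    """Exact optimum by enumerating every policy masking at most `budget` hosts."""
    hosts = sorted(TRUE_CONFIG)
    best, best_loss = dict(TRUE_CONFIG), loss(TRUE_CONFIG)
    for k in range(1, budget + 1):
        for subset in combinations(hosts, k):
            alternatives = [[c for c in CONFIGS if c != TRUE_CONFIG[h]] for h in subset]
            for labels in product(*alternatives):
                trial = dict(TRUE_CONFIG)
                trial.update(zip(subset, labels))
                trial_loss = loss(trial)
                if trial_loss < best_loss:
                    best, best_loss = trial, trial_loss
    return best, best_loss


if __name__ == "__main__":
    for name, loss in (("naive", naive_loss), ("powerful", powerful_loss)):
        g_policy, g_loss = greedy(loss, budget=2)
        b_policy, b_loss = brute_force(loss, budget=2)
        print(f"{name:9s} no deception {loss(TRUE_CONFIG):5.2f} | "
              f"greedy {g_loss:5.2f} masks {masked(g_policy)} | "
              f"optimal {b_loss:5.2f} masks {masked(b_policy)}")
```

Against the powerful attacker, deception only helps by pooling valuable hosts with cheap ones behind one displayed configuration, since the attacker already knows the mapping; against the naive attacker, hiding every high-value configuration entirely is better, which the myopic greedy step never discovers because no single re-labeling removes the last displayed database host.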
