Duplicity Games for Deception Design With an Application to Insider Threat Mitigation

Recent incidents such as the Colonial Pipeline ransomware attack and the SolarWinds hack have shown that traditional defense techniques are becoming insufficient to deter adversaries of growing sophistication. Proactive and deceptive defenses are an emerging class of methods to defend against zero-day and advanced attacks. This work develops a new game-theoretic framework called the duplicity game to design deception mechanisms that consist of a generator, an incentive modulator, and a trust manipulator, referred to as the GMM mechanism. We formulate a mathematical programming problem to compute the optimal GMM mechanism, quantify the upper limit of enforceable security policies, and characterize conditions on the user’s identifiability and manageability for cyber attribution and user management. We develop a separation principle that decouples the design of the modulator from the GMM mechanism and an equivalence principle that turns the joint design of the generator and the manipulator into the single design of the manipulator. A case study of dynamic honeypot configurations is presented to mitigate insider threats. The numerical experiments corroborate the results that the optimal GMM mechanism can elicit desirable actions from both selfish and adversarial insiders and consequently improve the security posture of the insider network. In particular, a proper modulator can reduce the incentive misalignment between the players and achieve win-win situations for the selfish insider and the defender. Meanwhile, we observe that the defender always benefits from faking the percentage of honeypots when the optimal generator is presented.
