Manipulating Adversary's Belief: A Dynamic Game Approach to Deception by Design for Proactive Network Security

Due to the sophisticated nature of current computer systems, traditional defense measures, such as firewalls, malware scanners, and intrusion detection/prevention systems, have been found inadequate. These technological systems suffer from the fact that a sophisticated attacker can study them, identify their weaknesses, and thus gain an advantage over the defender. To prevent this from happening, proactive cyber defense is a new defense mechanism in which we strategically engage the attacker by using cyber deception techniques and influence his actions by creating and reinforcing his view of the computer system. We apply cyber deception techniques in the field of network security and study the impact of deception on the attacker’s beliefs using the quantitative framework of game theory. We account for the sequential nature of an attack and investigate how the attacker’s belief evolves and influences his actions. We show how the defender should manipulate this belief to prevent the attacker from achieving his goals and thus minimize the damage inflicted on the network. To design a successful defense based on cyber deception, it is crucial to employ strategic thinking and account explicitly for the attacker’s belief that he is being exposed to deceptive attempts. By doing so, we can make the deception more believable from the perspective of the attacker.
