The University of Southampton
University of Southampton Institutional Repository

Deceiving cyber adversaries: A game theoretic approach

Deceiving cyber adversaries: A game theoretic approach
Deceiving cyber adversaries: A game theoretic approach

An important way cyber adversaries find vulnerabilities in modern networks is through reconnaissance, in which they attempt to identify configuration specifics of network hosts. To increase uncertainty of adversarial reconnaissance, the network administrator (henceforth, defender) can introduce deception into responses to network scans, such as obscuring certain system characteristics. We introduce a novel game-theoretic model of deceptive interactions of this kind between a defender and a cyber attacker, which we call the Cyber Deception Game. We consider both a powerful (rational) attacker, who is aware of the defender's exact deception strategy, and a naive attacker who is not. We show that computing the optimal deception strategy is NP-hard for both types of attackers. For the case with a powerful attacker, we provide a mixed-integer linear program solution as well as a fast and effective greedy algorithm. Similarly, we provide complexity results and propose exact and heuristic approaches when the attacker is naive. Our extensive experimental analysis demonstrates the effectiveness of our approaches.

Cyber security, Game theory, Security games
892-900
International Foundation for Autonomous Agents and Multiagent Systems
Schlenker, Aaron
96d51d9b-55ed-4fa2-bc6c-d685c8ed7b78
Thakoor, Omkar
91cce790-f3f0-422d-9fbf-5166f110d8af
Xu, Haifeng
f82aa998-282f-4d50-be6d-8edf15a1f0a9
Tran-Thanh, Long
e0666669-d34b-460e-950d-e8b139fab16c
Fang, Fei
0681e1db-6889-419c-94d4-77027f6979e7
Vayanos, Phebe
80d104da-8892-4ee6-9232-cdcc561a7445
Tambe, Milind
a620fda8-c4fe-4193-a396-fe6de595fc6f
Vorobeychik, Yevgeniy
685c819f-3a7e-4f75-a4fb-2be1678db607
Schlenker, Aaron
96d51d9b-55ed-4fa2-bc6c-d685c8ed7b78
Thakoor, Omkar
91cce790-f3f0-422d-9fbf-5166f110d8af
Xu, Haifeng
f82aa998-282f-4d50-be6d-8edf15a1f0a9
Tran-Thanh, Long
e0666669-d34b-460e-950d-e8b139fab16c
Fang, Fei
0681e1db-6889-419c-94d4-77027f6979e7
Vayanos, Phebe
80d104da-8892-4ee6-9232-cdcc561a7445
Tambe, Milind
a620fda8-c4fe-4193-a396-fe6de595fc6f
Vorobeychik, Yevgeniy
685c819f-3a7e-4f75-a4fb-2be1678db607

Schlenker, Aaron, Thakoor, Omkar, Xu, Haifeng, Tran-Thanh, Long, Fang, Fei, Vayanos, Phebe, Tambe, Milind and Vorobeychik, Yevgeniy (2018) Deceiving cyber adversaries: A game theoretic approach. In 17th International Conference on Autonomous Agents and Multiagent Systems, AAMAS 2018. vol. 2, International Foundation for Autonomous Agents and Multiagent Systems. pp. 892-900 .

Record type: Conference or Workshop Item (Paper)

Abstract

An important way cyber adversaries find vulnerabilities in modern networks is through reconnaissance, in which they attempt to identify configuration specifics of network hosts. To increase uncertainty of adversarial reconnaissance, the network administrator (henceforth, defender) can introduce deception into responses to network scans, such as obscuring certain system characteristics. We introduce a novel game-theoretic model of deceptive interactions of this kind between a defender and a cyber attacker, which we call the Cyber Deception Game. We consider both a powerful (rational) attacker, who is aware of the defender's exact deception strategy, and a naive attacker who is not. We show that computing the optimal deception strategy is NP-hard for both types of attackers. For the case with a powerful attacker, we provide a mixed-integer linear program solution as well as a fast and effective greedy algorithm. Similarly, we provide complexity results and propose exact and heuristic approaches when the attacker is naive. Our extensive experimental analysis demonstrates the effectiveness of our approaches.

Full text not available from this repository.

More information

Published date: 2018
Venue - Dates: 17th International Conference on Autonomous Agents and Multiagent Systems, Stockholm, Sweden, 2018-07-11 - 2018-07-13
Keywords: Cyber security, Game theory, Security games

Identifiers

Local EPrints ID: 425571
URI: https://eprints.soton.ac.uk/id/eprint/425571
PURE UUID: 7ac40e33-912c-4dd3-889f-0a6afcb3ca60
ORCID for Long Tran-Thanh: ORCID iD orcid.org/0000-0003-1617-8316

Catalogue record

Date deposited: 25 Oct 2018 16:30
Last modified: 10 Dec 2019 01:40

Export record

Contributors

Author: Aaron Schlenker
Author: Omkar Thakoor
Author: Haifeng Xu
Author: Long Tran-Thanh ORCID iD
Author: Fei Fang
Author: Phebe Vayanos
Author: Milind Tambe
Author: Yevgeniy Vorobeychik

University divisions

Download statistics

Downloads from ePrints over the past year. Other digital versions may also be available to download e.g. from the publisher's website.

View more statistics

Atom RSS 1.0 RSS 2.0

Contact ePrints Soton: eprints@soton.ac.uk

ePrints Soton supports OAI 2.0 with a base URL of https://eprints.soton.ac.uk/cgi/oai2

This repository has been built using EPrints software, developed at the University of Southampton, but available to everyone to use.

We use cookies to ensure that we give you the best experience on our website. If you continue without changing your settings, we will assume that you are happy to receive cookies on the University of Southampton website.

×