
Game Theoretic Cyber Deception to Foil Adversarial Network Reconnaissance

Chapter in: Adaptive Autonomous Secure Cyber Systems

Abstract

Cyber adversaries typically complete network attacks only after a lengthy reconnaissance phase in which they map out the vulnerabilities present inside an enterprise network to find the best route of compromise. Responding deceptively to reconnaissance, so that the configurations (system characteristics) an attacker observes for hosts differ from the true ones, lets the network administrator increase the uncertainty of an adversary attempting to compromise the network. We introduce a novel game-theoretic model of deceptive interactions of this kind between a defender and a cyber attacker, which we call the Cyber Deception Game. This work considers both a powerful (rational) attacker, who is aware of the deception and has substantial information about the defender's deception strategy, and a naive attacker, who is unaware of the deception and has fixed preferences over the observed network hosts. We show that computing the optimal deception strategy for the network administrator is NP-hard for both types of attackers. For the powerful attacker, we provide two solution techniques based on mixed-integer linear programming, a reformulation method and a bisection algorithm, as well as a fast and effective greedy algorithm. Similarly, we provide complexity results and propose exact and heuristic approaches for the naive attacker. Our extensive experimental analysis demonstrates the effectiveness of our approaches.
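To make the game concrete, the following is an added example written for this page; it is not the chapter's code and the instance is constructed. It models the ingredients the abstract names: hosts with true configurations, a set of observed configurations the defender may show to a scanner, feasibility constraints on which masks a host can credibly wear, a deception budget, a naive attacker with a fixed preference over observed configurations, and a powerful attacker who knows the defender's assignment and attacks the observed configuration with the highest expected value. The simplifications are assumptions: pure (deterministic) assignments, zero-sum payoffs, a unit cost per masked host, an attacker who picks uniformly among the hosts that show the chosen configuration, and a generic best-improvement greedy heuristic that is not the chapter's greedy algorithm. The exhaustive search is only there to have ground truth on four hosts; the abstract's NP-hardness result is the reason it does not scale.

```python
"""Toy Cyber Deception Game: constructed instance, not the chapter's model.

The defender masks each host's true configuration (TC) with an observed
configuration (OC) that reconnaissance will report, subject to a budget and
to feasibility constraints. Assumptions (simplifications of the chapter's
model): pure assignments, zero-sum payoffs, unit masking cost, and an
attacker who picks uniformly among the hosts showing the OC it attacks.
"""
from itertools import product

# Constructed instance: host -> (true configuration, defender loss if compromised)
HOSTS = {
    "db01":  ("linux-db",  10),
    "web01": ("linux-web",  4),
    "dc01":  ("win-dc",     8),
    "ws01":  ("win-ws",     1),
}
# Feasibility: a host may only be masked as an OC it can credibly emulate
# (here: same OS family). Cross-family masks are infeasible, not just costly.
FEASIBLE = {
    "linux-db":  {"linux-db", "linux-web"},
    "linux-web": {"linux-web", "linux-db"},
    "win-dc":    {"win-dc", "win-ws"},
    "win-ws":    {"win-ws", "win-dc"},
}
# Naive attacker (assumed): fixed ranking of OCs, attacks the best-ranked one it sees.
NAIVE_PREF = ["linux-db", "win-dc", "linux-web", "win-ws"]


def mask_cost(tc, oc):
    """Assumed cost model: showing the true configuration is free, any mask costs 1."""
    return 0 if oc == tc else 1


def expected_loss_per_oc(assign):
    """Mean defender loss among the hosts shown under each OC (attacker picks uniformly)."""
    groups = {}
    for host, oc in assign.items():
        groups.setdefault(oc, []).append(HOSTS[host][1])
    return {oc: sum(vals) / len(vals) for oc, vals in groups.items()}


def naive_loss(assign):
    """Naive attacker: unaware of deception, attacks its most preferred OC that is visible."""
    means = expected_loss_per_oc(assign)
    target = next(oc for oc in NAIVE_PREF if oc in means)
    return means[target]


def powerful_loss(assign):
    """Powerful attacker: knows the assignment, attacks the OC with the highest expected value."""
    return max(expected_loss_per_oc(assign).values())


def total_cost(assign):
    return sum(mask_cost(HOSTS[h][0], oc) for h, oc in assign.items())


def feasible_assignments():
    """Every assignment that respects the feasibility constraints (budget checked separately)."""
    hosts = list(HOSTS)
    for choice in product(*(sorted(FEASIBLE[HOSTS[h][0]]) for h in hosts)):
        yield dict(zip(hosts, choice))


def optimal(loss_fn, budget):
    """Exact optimum by enumeration: fine for 4 hosts, hopeless in general (the problem is NP-hard)."""
    best = None
    for assign in feasible_assignments():
        if total_cost(assign) <= budget:
            loss = loss_fn(assign)
            if best is None or loss < best[0]:
                best = (loss, assign)
    return best


def greedy(loss_fn, budget):
    """Generic best-improvement heuristic (an assumption, not the chapter's greedy algorithm)."""
    assign = {h: tc for h, (tc, _) in HOSTS.items()}   # start with no deception
    while True:
        current, best_move = loss_fn(assign), None
        for host, (tc, _) in HOSTS.items():
            for oc in FEASIBLE[tc]:
                if oc == assign[host]:
                    continue
                trial = dict(assign, **{host: oc})
                if total_cost(trial) > budget:
                    continue
                loss = loss_fn(trial)
                if loss < current and (best_move is None or loss < best_move[0]):
                    best_move = (loss, trial)
        if best_move is None:
            return current, assign
        assign = best_move[1]


if __name__ == "__main__":
    for name, fn in (("naive", naive_loss), ("powerful", powerful_loss)):
        for budget in range(4):
            print(f"{name:8s} budget={budget}  optimal={optimal(fn, budget)[0]:.1f}"
                  f"  greedy={greedy(fn, budget)[0]:.1f}")
```

Two things the run shows that the abstract only states. Against the powerful attacker the defender can do no better than pool high- and low-value hosts behind the same observed configuration (here the loss bottoms out at 7 however large the budget, because masks across OS families are infeasible), whereas against the naive attacker the same budget of 3 drives the loss to 1 by leaving the attacker's favourite configuration visible only on the least valuable host. The best-improvement greedy reaches the optimum for the powerful attacker in this instance but stalls at 4 for the naive attacker with budget 3, which is the usual shape of a heuristic for an NP-hard assignment problem: it needs to be checked against an exact solver on small instances before being trusted on large ones.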


Notes

  1. The feasibility constraints can simply be captured via the budget constraint by setting the costs of infeasible assignments to be higher than the budget. However, they are essential in the model, since, in some cases, having no budget constraint allows an efficient solution to the problem (e.g. Sect. 5), while still having the very practical feasibility constraints keeps the problem non-trivial.

  2. A detailed proof can be found in the online appendix: http://teamcore.usc.edu/papers/2018/App_AAMAS_ARS.pdf.

  3. As an example, the adversary could estimate his utility according to values derived from the NIST National Vulnerability Database [24].

References

  1. Massimiliano Albanese, Ermanno Battista, and Sushil Jajodia. A deception based approach for defeating OS and service fingerprinting. In 2015 IEEE Conference on Communications and Network Security (CNS), pages 317–325. IEEE, 2015.

  2. Massimiliano Albanese, Ermanno Battista, and Sushil Jajodia. Deceiving attackers by creating a virtual attack surface. In Cyber Deception, pages 169–201. Springer, 2016.

  3. Massimiliano Albanese, Ermanno Battista, Sushil Jajodia, and Valentina Casola. Manipulating the attacker's view of a system's attack surface. In 2014 IEEE Conference on Communications and Network Security (CNS), pages 472–480. IEEE, 2014.

  4. Mohammed H. Almeshekah and Eugene H. Spafford. Planning and integrating deception into computer security defenses. In Proceedings of the 2014 New Security Paradigms Workshop, pages 127–138. ACM, 2014.

  5. Tansu Alpcan and Tamer Başar. Network Security: A Decision and Game-Theoretic Approach. Cambridge University Press, 2010.

  6. Erik B. Bajalinov. Linear-Fractional Programming: Theory, Methods, Applications and Software, volume 84. Springer Science & Business Media, 2013.

  7. Nicola Basilico and Nicola Gatti. Automated abstractions for patrolling security games. In AAAI, 2011.

  8. Nicola Basilico, Nicola Gatti, and Francesco Amigoni. Patrolling security games: Definition and algorithms for solving large instances with single patroller and single intruder. Artificial Intelligence, 184:78–123, 2012.

  9. Jay Beale, Renaud Deraison, Haroon Meer, Roelof Temmingh, and Charl Van Der Walt. Nessus Network Auditing. Syngress Publishing, 2004.

  10. Christopher M. Bishop. Pattern Recognition and Machine Learning. Springer, 2006.

  11. Thomas E. Carroll and Daniel Grosu. A game theoretic investigation of deception in network security. Security and Communication Networks, 4(10):1162–1172, 2011.

  12. Cho-Yu J. Chiang, Yitzchak M. Gottlieb, Shridatt James Sugrim, Ritu Chadha, Constantin Serban, Alex Poylisher, Lisa M. Marvel, and Jonathan Santos. ACyDS: An adaptive cyber deception system. In MILCOM 2016 – 2016 IEEE Military Communications Conference, pages 800–805. IEEE, 2016.

  13. Karel Durkota, Viliam Lisý, Branislav Bošanský, and Christopher Kiekintveld. Approximate solutions for attack graph games with imperfect information. In International Conference on Decision and Game Theory for Security, pages 228–249. Springer, 2015.

  14. Karel Durkota, Viliam Lisý, Branislav Bošanský, and Christopher Kiekintveld. Optimal network security hardening using attack graph games. In IJCAI, pages 526–532, 2015.

  15. Vindu Goel and Nicole Perlroth. Yahoo says 1 billion user accounts were hacked, 2016 (accessed September 10, 2017). https://www.nytimes.com/2016/12/14/technology/yahoo-hack.html.

  16. Ines Gutzmer. Equifax announces cybersecurity incident involving consumer information, 2017 (accessed October 15, 2017). https://investor.equifax.com/news-and-events/news/2017/09-07-2017-213000628.

  17. Sushil Jajodia, Noseong Park, Fabio Pierazzi, Andrea Pugliese, Edoardo Serra, Gerardo I. Simari, and V. S. Subrahmanian. A probabilistic logic of cyber deception. IEEE Transactions on Information Forensics and Security, 12(11):2532–2544, 2017.

  18. Rob Joyce. Disrupting nation state hackers. San Francisco, CA, 2016. USENIX Association.

  19. Christopher Kiekintveld, Viliam Lisý, and Radek Píbil. Game-theoretic foundations for the strategic use of honeypots in network security. In Cyber Warfare, pages 81–101. Springer, 2015.

  20. Christian Kreibich and Jon Crowcroft. Honeycomb: Creating intrusion detection signatures using honeypots. ACM SIGCOMM Computer Communication Review, 34(1):51–56, 2004.

  21. Aron Laszka, Yevgeniy Vorobeychik, and Xenofon D. Koutsoukos. Optimal personalized filtering against spear-phishing attacks. In AAAI, pages 958–964, 2015.

  22. Gordon Fyodor Lyon. Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning. Insecure, 2009.

  23. Mandiant. APT1: Exposing one of China's cyber espionage units, 2013.

  24. NIST. National Vulnerability Database, 2017. https://nvd.nist.gov/.

  25. Jeffrey Pawlick and Quanyan Zhu. Deception by design: Evidence-based signaling games for network defense. arXiv preprint arXiv:1503.05458, 2015.

  26. Radek Píbil, Viliam Lisý, Christopher Kiekintveld, Branislav Bošanský, and Michal Pěchouček. Game theoretic model of strategic honeypot selection in computer networks. Decision and Game Theory for Security, 7638:201–220, 2012.

  27. Niels Provos. Honeyd: A virtual honeypot daemon. In 10th DFN-CERT Workshop, Hamburg, Germany, volume 2, page 4, 2003.

  28. Martin Roesch et al. Snort: Lightweight intrusion detection for networks. In LISA, volume 99, pages 229–238, 1999.

  29. Aaron Schlenker, Haifeng Xu, Mina Guirguis, Chris Kiekintveld, Arunesh Sinha, Milind Tambe, Solomon Sonya, Darryl Balderas, and Noah Dunstatter. Don't bury your head in warnings: A game-theoretic approach for intelligent allocation of cyber-security alerts. 2017.

  30. Edoardo Serra, Sushil Jajodia, Andrea Pugliese, Antonino Rullo, and V. S. Subrahmanian. Pareto-optimal adversarial defense of enterprise systems. ACM Transactions on Information and System Security (TISSEC), 17(3):11, 2015.

  31. Milind Tambe. Security and Game Theory: Algorithms, Deployed Systems, Lessons Learned. Cambridge University Press, 2011.

  32. Dajun Yue, Gonzalo Guillén-Gosálbez, and Fengqi You. Global optimization of large-scale mixed-integer linear fractional programming problems: A reformulation-linearization method and process scheduling applications. AIChE Journal, 59(11):4255–4272, 2013.


Acknowledgements

This work was supported in part by the Army Research Office (W911NF-17-1-0370, W911NF-11-1-0332, W911NF-15-1-0515, W911NF-16-1-0069), National Science Foundation (CNS-1640624, IIS-1649972, and IIS-1526860), and Office of Naval Research (N00014-15-1-2621). Haifeng is partially supported by a Google PhD Fellowship. We also want to thank Solomon Sonya for his invaluable domain knowledge and wonderful discussions.

Author information

Corresponding author: Aaron Schlenker.


Copyright information

© 2020 Springer Nature Switzerland AG

About this chapter


Cite this chapter

Schlenker, A., Thakoor, O., Xu, H., Fang, F., Tambe, M., Vayanos, P. (2020). Game Theoretic Cyber Deception to Foil Adversarial Network Reconnaissance. In: Jajodia, S., Cybenko, G., Subrahmanian, V., Swarup, V., Wang, C., Wellman, M. (eds) Adaptive Autonomous Secure Cyber Systems. Springer, Cham. https://doi.org/10.1007/978-3-030-33432-1_9


  • DOI: https://doi.org/10.1007/978-3-030-33432-1_9

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-33431-4

  • Online ISBN: 978-3-030-33432-1

  • eBook Packages: Computer Science (R0)
