Cyber Deception Against Zero-Day Attacks: A Game Theoretic Approach

Sayed, Abu; Anwar, Ahmed H.; Kiekintveld, Christopher; Bošanský, Branislav; Kamhoua, Charles A.

doi:10.1007/978-3-031-26369-9_3

Cited by 6 publications

(4 citation statements)

References 44 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…We meticulously pinpoint the most detrimental links and subsequently propose a mitigating strategy. This work complements our analysis and evaluates the impact and mitigation of imperfect vulnerability information to the defender in relation to our previous work on security games with imperfect information (Sayed et al 2022).…”

Section: Introductionmentioning

confidence: 84%

“…Hypergame-based deception against advanced persistent threat attacks performing multiple attacks performed in the stages of cyber kill chain discussed in (Wan et al 2021). A game theoretic approach for zero-day vulnerability analysis and deceptive mitigation against zero-day vulnerability proposed by (Sayed et al 2022). The synergies between game theory and machine learning to formulate defensive deception discussed in (Zhu et al 2021).…”

Section: Game Theoretic Deceptionmentioning

confidence: 99%

See 1 more Smart Citation

Strategic Honeypot Allocation in Dynamic Networks: A Game-Theoretic Approach for Enhanced Cybersecurity

Sayed,

Hemida,

Kiekintveld

et al. 2024

Preprint

Self Cite

View full text Add to dashboard Cite

Honeypots play a crucial role in implementing various cyber deception techniques as they can mislead attackers and divert them away from valuable assets. The topology of tactical networks changes over time due to the topographical environment and node mobility. An impactful strategic placement of honeypots in tactical networks should essentially consider not only network aspects but also attackers' preferences. To this end, we propose a game-theoretic approach that models an attack-defense scenario and develops an optimal honeypot allocation strategy for the defender. Our approach takes into consideration the changes in network connectivity and the specific features and criticality of different nodes. In particular, we introduce a two-player dynamic game model that explicitly incorporates the future state evolution resulting from changes in connectivity. The defender's objective is twofold: to maximize the likelihood of the attacker hitting a honeypot and to minimize the cost associated with deception in terms of the reconfiguration cost of honeypot re-allocation due to mobility. We present an iterative algorithm to find Nash equilibrium strategies. Unfortunately, this class of games suffers from the curse of dimensionality due to the size of the large state space. Therefore, we evaluate the scalability of our algorithm and provide a compact state space that shows a significant reduction in terms of runtime. Finally, we relax the assumption that the defender has full up-to-date knowledge of the network topology. We present a sensitivity-analysis-based approach to quantify the impact of imperfect information in terms of the defender reward. We validate our approach numerically via extensive simulations, demonstrating that our game model successfully enhances network security and is more scalable.

show abstract

Section: Introductionmentioning

confidence: 84%

Section: Game Theoretic Deceptionmentioning

confidence: 99%

Strategic Honeypot Allocation in Dynamic Networks: A Game-Theoretic Approach for Enhanced Cybersecurity

Sayed,

Hemida,

Kiekintveld

et al. 2024

Preprint

Self Cite

View full text Add to dashboard Cite

show abstract

“…Cyber deception is a strategy that utilizes false information and decoys in networks to mislead and divert attackers. The goal is to lure, confuse, or delay attackers while simultaneously detecting their presence and gaining insights into their tactics, allowing for early threat detection and enhanced cybersecurity defenses [11]. Furthermore, in [12], the authors addressed the critical issue of DDoS attacks on SDN IoT-Edge Computing, exacerbated by the pandemic-induced remote work trend.…”

Section: Related Workmentioning

confidence: 99%

“…This situation arises due to the widespread use of IoT, * Upon receiving a "Yes" response from the checker, indicating ample resources within the MEC server, the SDN controller forwards the request to the VNF processor (10). The VNF processor carries out the computation and transmits the response back to the SDN controller (11). The received response is then dispatched to the VNF receiver (VM3) for storage in the Cloud data center ( 8) and delivery to the legitimate device.…”

Section: B Request Process Managementmentioning

confidence: 99%

Improving Quality of Service and HTTPS DDoS Detection in MEC Environment With a Cyber Deception-Based Architecture

Kabdjou,

Shinomiya

2024

IEEE Access

View full text Add to dashboard Cite

Creating a cyber deception framework for 5G networks, particularly in IoT and cellular applications, is complex due to critical constraints in managing resources, meeting low latency demands, and addressing security concerns. While cloud computing aids in alleviating some limitations, it often falls short in meeting low-latency requirements. Multi-Access Edge Computing (MEC) has emerged as a solution by bringing resources closer to User Equipment (UEs) to reduce latency. Various MEC architectures have leveraged Software Defined Networking (SDN), Network Function Virtualization (NFV), Service Function Chaining (SFC), Network Slicing (NS), decision-making systems, and deception components. However, none have integrated these technologies comprehensively to achieve superior Quality of Service (QoS) and strengthen security. In this paper, we unify SDN, NFV, SFC, NS, decision-making technologies, and deception to efficiently manage MEC server resources and lure attackers. We utilize cyber deception metrics, including request collection rates over time and variations in request numbers concerning different botnet sizes. Moreover, we meticulously address QoS parameters such as latency, computing, storage, and bandwidth resources. Our approach initiates with a mathematical model for MEC server resource allocation, introducing a novel architecture that reduces bandwidth, computing, and storage resource usage. We introduce a cyber deception strategy utilizing uniform distribution and random selection to divert potential attackers. Simulations validate efficient resource management, notably reducing end-to-end latency for requests processed on the edge and in the cloud. This enhancement improves QoS within the MEC system and provides valuable insights for advancing decision-making technologies.

show abstract

Honeypot Allocation for Cyber Deception in Dynamic Tactical Networks: A Game Theoretic Approach

Sayed,

Anwar,

Kiekintveld

et al. 2023

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Cyber Deception Against Zero-Day Attacks: A Game Theoretic Approach

Cited by 6 publications

References 44 publications

Strategic Honeypot Allocation in Dynamic Networks: A Game-Theoretic Approach for Enhanced Cybersecurity

Strategic Honeypot Allocation in Dynamic Networks: A Game-Theoretic Approach for Enhanced Cybersecurity

Improving Quality of Service and HTTPS DDoS Detection in MEC Environment With a Cyber Deception-Based Architecture

Honeypot Allocation for Cyber Deception in Dynamic Tactical Networks: A Game Theoretic Approach

Contact Info

Product

Resources

About