Game Theory Based Dynamic Defense Mechanism for SDN

“…1) Players: Most research taking game-theoretic defensive deception approaches model a two-player game where the two players are an attacker and a defender using defensive deception [81,93,104]. However, even in a two-player game, some deception games modeled different types of players under each player.…”

“…Mao et al [93] used honeypots as a defense strategy in a non-cooperative Bayesian game with imperfect, incomplete information where an attacker is a leader and a defender is a follower. The authors considered a player's perception towards possible motivation, deceptions, and payoffs of the game.…”

“…• Scanning (or reconnaissance) attacks [5,20,30,45,93,95,121,122,142]: An outside attacker may aim to obtain a target system's information and identify vulnerable system component to penetrate into the target system. This attack is often considered as part of the cyber kill chain in APT attacks.…”

“…However, passive monitoring cannot identify services that do not run on well-known ports or are misdirected without protocolspecific decoders [22]. -Active probing attacks [5,20,45,93,121,122]: Through sending probing packets to a potential target, the attacker can obtain the machine's information, includes OS, opened ports, and installed application version. Although active probing can allow the attackers to collect more system configurations, it is relatively easy to be detected by traditional defensive technologies, such as IDS [22].…”

“…1) DD Techniques: Honeypots are popularly used as a defense strategy in game-theoretic defensive deception framework [45,93] for taking dynamic, adaptive defense strategies.…”

Game-Theoretic and Machine Learning-based Approaches for Defensive Deception: A Survey

“…1) Players: Most research taking game-theoretic defensive deception approaches model a two-player game where the two players are an attacker and a defender using defensive deception [81,93,104]. However, even in a two-player game, some deception games modeled different types of players under each player.…”

“…Mao et al [93] used honeypots as a defense strategy in a non-cooperative Bayesian game with imperfect, incomplete information where an attacker is a leader and a defender is a follower. The authors considered a player's perception towards possible motivation, deceptions, and payoffs of the game.…”

“…• Scanning (or reconnaissance) attacks [5,20,30,45,93,95,121,122,142]: An outside attacker may aim to obtain a target system's information and identify vulnerable system component to penetrate into the target system. This attack is often considered as part of the cyber kill chain in APT attacks.…”

“…However, passive monitoring cannot identify services that do not run on well-known ports or are misdirected without protocolspecific decoders [22]. -Active probing attacks [5,20,45,93,121,122]: Through sending probing packets to a potential target, the attacker can obtain the machine's information, includes OS, opened ports, and installed application version. Although active probing can allow the attackers to collect more system configurations, it is relatively easy to be detected by traditional defensive technologies, such as IDS [22].…”

“…1) DD Techniques: Honeypots are popularly used as a defense strategy in game-theoretic defensive deception framework [45,93] for taking dynamic, adaptive defense strategies.…”

Game-Theoretic and Machine Learning-based Approaches for Defensive Deception: A Survey

Mee: Adaptive Honeyfile System for Insider Attacker Detection

A Survey of Defensive Deception: Approaches Using Game Theory and Machine Learning