Manipulating Adversary’s Belief: A Dynamic Game Approach to Deception by Design for Proactive Network Security

Horák, Karel; Zhu, Quanyan; Bošanský, Branislav

doi:10.1007/978-3-319-68711-7_15

Cited by 74 publications

(62 citation statements)

References 21 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Another approach is based on the type of the attack and malicious behaviour [114]- [118]. More particularly, in this case, depending on the type of adversarial or malicious behavior that is active or passive, an appropriate game strategy, e.g., Nash or Stackelberg, has been discussed.…”

Section: B Defense Mechanismsmentioning

confidence: 99%

A systems and control perspective of CPS security

Dibaji

Pirani

Flamholz

et al. 2019

Annual Reviews in Control

380

191

View full text Add to dashboard Cite

The comprehensive integration of instrumentation, communication, and control into physical systems has led to the study of Cyber-Physical Systems (CPS), a field that has recently garnered increased attention. A key concern that is ubiquitous in CPS is a need to ensure security in the face of cyber attacks. In this paper, we carry out a survey of systems and control methods that have been proposed for the security of CPS. We classify these methods into three categories based on the type of defense proposed against the cyberattacks: prevention, resilience, and detection & isolation. A unified threat assessment metric is proposed in order to evaluate how CPS security is achieved in each of these three cases. Also surveyed are risk assessment tools and the effect of network topology on CPS security. An emphasis has been placed on power and transportation applications in the overall survey. Index Terms-cyber-physical systems, resilient control I. INTRODUCTION Motivated by concerns about sustainability, efficiency, and resiliency, several sectors including energy, transportation, water, and healthcare systems have witnessed significant advances in instrumentation, monitoring, and automation over the past decade. The resulting integration of information, communication, and computation with physically engineered systems demands a detailed investigation into the analysis and synthesis of Cyber-Physical Systems (CPS) so as to realize the desired performance metrics of efficiency, sustainability, and safety. The extensive and intricate presence of cyber components also introduces a vulnerability of unwanted access to these systems. The available communication technologies, referred to as SCADA (Supervisory Control and Data Acquisition), are witnessing significant advances, triggering a shift from protected, closed, and wired networks to open and wireless networks which, as a side effect, are more vulnerable to outside interference.

show abstract

Section: B Defense Mechanismsmentioning

confidence: 99%

A systems and control perspective of CPS security

Dibaji

Pirani

Flamholz

et al. 2019

Annual Reviews in Control

380

191

View full text Add to dashboard Cite

show abstract

“…For the purposes of the classification in Section 4, it is interesting to note that the paper builds upon the foundation of honeypot deployment, but adds the dynamic element of multiple-round attack graphs. Horák et al [2017] model the penetration of an attacker into a network using a one-sided partially observable stochastic game. Unlike most approaches to network security, Horák et al consider the defender rather than the attacker to be the informed player.…”

Section: Attacker Engagementmentioning

confidence: 99%

A Game-theoretic Taxonomy and Survey of Defensive Deception for Cybersecurity and Privacy

2019

Self Cite

View full text Add to dashboard Cite

Cyberattacks on both databases and critical infrastructure have threatened public and private sectors. Ubiquitous tracking and wearable computing have infringed upon privacy. Advocates and engineers have recently proposed using defensive deception as a means to leverage the information asymmetry typically enjoyed by attackers as a tool for defenders. The term deception, however, has been employed broadly and with a variety of meanings. In this paper, we survey 24 articles from 2008-2018 that use game theory to model defensive deception for cybersecurity and privacy. Then we propose a taxonomy that defines six types of deception: perturbation, moving target defense, obfuscation, mixing, honey-x, and attacker engagement. These types are delineated by their information structures, agents, actions, and duration: precisely concepts captured by game theory. Our aims are to rigorously define types of defensive deception, to capture a snapshot of the state of the literature, to provide a menu of models which can be used for applied research, and to identify promising areas for future work. Our taxonomy provides a systematic foundation for understanding different types of defensive deception commonly encountered in cybersecurity and privacy.

show abstract

“…Active defenses [14] and defensive deceptions [1] to detect and deter attacks have been active research areas. The authors in [8] design a proactive defense scheme where the defender can manipulate the adversary's belief. In particular, many works [7], [16] including ones with game-theoretic models [22], [12] focus on adaptive honeypot deployment to effectively engage attackers and gather information without attackers' notice.…”

Section: A Related Workmentioning

confidence: 99%

Adaptive Honeypot Engagement Through Reinforcement Learning of Semi-Markov Decision Processes

Huang

Zhu

2019

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

The honeynet is a promising active cyber defense mechanism. It reveals the fundamental Indicators of Compromise (IoC) by luring attackers to conduct adversarial behaviors in a controlled and monitored environment. The active interaction at the honeynet brings a high reward but also introduces high implementation costs and risks of adversarial honeynet exploitation. In this work, we apply the infinite-horizon Semi-Markov Decision Process (SMDP) to characterize the stochastic transition and sojourn time of attackers in the honeynet and quantify the reward-risk trade-off. In particular, we produce adaptive long-term engagement policies shown to be risk-averse, cost-effective, and time-efficient. Numerical results have demonstrated that our adaptive interaction policies can quickly attract attackers to the target honeypot and engage them for a sufficiently long period to obtain worthy threat information. Meanwhile, the penetration probability is kept at a low level. The results show that the expected utility is robust against attackers of a large range of persistence and intelligence. Finally, we apply reinforcement learning to SMDP to solve the curse of modeling. Under a prudent choice of the learning rate and exploration policy, we achieve a quick and robust convergence of the optimal policy and value.

show abstract

Manipulating Adversary’s Belief: A Dynamic Game Approach to Deception by Design for Proactive Network Security

Cited by 74 publications

References 21 publications

A systems and control perspective of CPS security

A systems and control perspective of CPS security

A Game-theoretic Taxonomy and Survey of Defensive Deception for Cybersecurity and Privacy

Adaptive Honeypot Engagement Through Reinforcement Learning of Semi-Markov Decision Processes

Contact Info

Product

Resources

About