
    A Review of Attacker-Defender Games and Cyber Security

    The focus of this review is the long and broad history of attacker–defender games as a foundation for the narrower and shorter history of cyber security. The purpose is to illustrate the role of game theory in cyber security, to show which areas have received attention, and to indicate future research directions. The methodology uses the search terms game theory, attack, defense, and cyber security in Web of Science, augmented with the authors' knowledge of the field. Games may involve multiple attackers and defenders over multiple periods. Defense involves security screening and inspection, the detection of invaders, jamming, secrecy, and deception. Incomplete information is reviewed due to its inevitable presence in cyber security. The findings pertain to players sharing information weighted against the security investment, influenced by social planning. Attackers stockpile zero-day cyber vulnerabilities. Defenders build deterrent resilient systems. Stochastic cyber security games play a role due to uncertainty and the need to build probabilistic models. Such games can be further developed. Cyber security games based on traffic and transportation are reviewed; they are influenced by the more extensive communication of GPS data. Such games should be extended to comprise air, land, and sea. Finally, cyber security education and board games are reviewed, which play a prominent role.

    Design of Dynamic and Personalized Deception: A Research Framework and New Insights

    Deceptive defense techniques (e.g., intrusion detection, firewalls, honeypots, honeynets) are commonly used to prevent cyberattacks. However, most current defense techniques are generic and static, and are often learned and exploited by attackers. It is important to advance from static to dynamic forms of defense that can actively adapt a defense strategy according to the actions taken by individual attackers during an active attack. Our novel research approach relies on cognitive models and experimental games: cognitive models aim at replicating an attacker's behavior, allowing the creation of personalized, dynamic deceptive defense strategies; experimental games help study human actions, calibrate cognitive models, and validate deceptive strategies. In this paper we offer the following contributions: (i) a general research framework for the design of dynamic, adaptive and personalized deception strategies for cyberdefense; (ii) a summary of major insights from experiments and cognitive models developed for security games of increased complexity; and (iii) a taxonomy of potential deception strategies derived from our research program so far.

    Strategic Learning for Active, Adaptive, and Autonomous Cyber Defense

    The increasing instances of advanced attacks call for a new defense paradigm that is active, autonomous, and adaptive, named the '3A' defense paradigm. This chapter introduces three defense schemes that actively interact with attackers to increase the attack cost and gather threat information, i.e., defensive deception for detection and counter-deception, feedback-driven Moving Target Defense (MTD), and adaptive honeypot engagement. Due to the cyber deception, external noise, and the absent knowledge of the other players' behaviors and goals, these schemes possess three progressive levels of information restrictions, i.e., from parameter uncertainty and payoff uncertainty to environmental uncertainty. To estimate the unknown and reduce uncertainty, we adopt three different strategic learning schemes that fit the associated information restrictions. All three learning schemes share the same feedback structure of sensation, estimation, and action so that the most rewarding policies get reinforced and converge to the optimal ones in autonomous and adaptive fashions. This work aims to shed light on proactive defense strategies, lay a solid foundation for strategic learning under incomplete information, and quantify the tradeoff between security and costs.
    Comment: arXiv admin note: text overlap with arXiv:1906.1218

    A Comprehensive Insight into Game Theory in relevance to Cyber Security

    The progressively ubiquitous connectivity in present information systems poses newer challenges to security. The conventional security mechanisms have come a long way in securing the well-defined objectives of confidentiality, integrity, authenticity and availability. Nevertheless, with the growth in system complexities and attack sophistication, providing security via traditional means can be unaffordable. A novel theoretical perspective and an innovative approach are thus required for understanding security from a decision-making and strategic viewpoint. One of the analytical tools which may assist researchers in designing security protocols for computer networks is game theory. The game-theoretic concept finds extensive applications in security at different levels, including cyberspace, and is generally categorized under security games. It can be utilized as a robust mathematical tool for modelling and analyzing contemporary security issues. Game theory offers a natural framework for capturing the defensive as well as adversarial interactions between defenders and attackers. Furthermore, defenders can attain a deep understanding of the potential attack threats and the strategies of attackers by equilibrium evaluation of the security games. In this paper, the concept of game theory is presented, followed by game-theoretic applications in cybersecurity including cryptography. Different types of games, particularly those focused on securing cyberspace, have been analysed, and varied game-theoretic methodologies including mechanism design theories have been outlined for offering a modern foundation of the science of cybersecurity.

    A comprehensive survey on cyber deception techniques to improve honeypot performance

    Honeypot technologies are becoming increasingly popular in cybersecurity as they offer valuable insights into adversary behavior with a low rate of false detections. By diverting the attention of potential attackers and siphoning off their resources, honeypots are a powerful tool for protecting critical assets within a network. However, the cybersecurity landscape constantly evolves, and professional attackers are always working to uncover and bypass honeypots. Once an adversary successfully identifies a deception mechanism in place, they may change their tactics, potentially causing significant harm to the network. Maintaining a high level of deception is crucial for honeypots to remain undetectable. This paper explores various deception techniques designed specifically for honeypots to enhance their performance while making them impervious to detection. Previous research has not provided a detailed comparison of these techniques, particularly those tailored to honeynets. Therefore, we categorize the presented techniques into relevant classes, subject them to a comparative analysis, and evaluate their effectiveness in simulation scenarios. We also present a mathematical model that comprehensively represents and compares various honeynet research endeavors. In addition, we provide insightful suggestions that highlight the existing research gaps in this field and offer a roadmap for future expansion. This includes extending deception techniques to emulate vulnerabilities inherent in 5G and software-defined networks, which address the evolving challenges of the cybersecurity landscape. The findings and insights presented in this paper are valuable to honeypot developers and cybersecurity researchers alike, providing a vital resource for advancing the field and fortifying network defenses against ever-evolving threats.