273 research outputs found
Honeypot Allocation for Cyber Deception in Dynamic Tactical Networks: A Game Theoretic Approach
Honeypots play a crucial role in implementing various cyber deception
techniques as they possess the capability to divert attackers away from
valuable assets. Careful strategic placement of honeypots in networks should
consider not only network aspects but also attackers' preferences. The
allocation of honeypots in tactical networks under network mobility is of great
interest. To achieve this objective, we present a game-theoretic approach that
generates optimal honeypot allocation strategies within an attack/defense
scenario. Our proposed approach takes into consideration the changes in network
connectivity. In particular, we introduce a two-player dynamic game model that
explicitly incorporates the future state evolution resulting from changes in
network connectivity. The defender's objective is twofold: to maximize the
likelihood of the attacker hitting a honeypot and to minimize the cost
associated with deception and reconfiguration due to changes in network
topology. We present an iterative algorithm to find Nash equilibrium strategies
and analyze the scalability of the algorithm. Finally, we validate our approach
and present numerical results based on simulations, demonstrating that our game
model successfully enhances network security. Additionally, we have proposed
additional enhancements to improve the scalability of the proposed approach.
Comment: This paper accepted in 14th International Conference on Decision and
Game Theory for Security, GameSec 202
Three Decades of Deception Techniques in Active Cyber Defense -- Retrospect and Outlook
Deception techniques have been widely seen as a game changer in cyber
defense. In this paper, we review representative techniques in honeypots,
honeytokens, and moving target defense, spanning from the late 1980s to the
year 2021. Techniques from these three domains complement each other and
may be leveraged to build a holistic deception based defense. However, to the
best of our knowledge, there has not been a work that provides a systematic
retrospect of these three domains all together and investigates their
integrated usage for orchestrated deceptions. Our paper aims to fill this gap.
By utilizing a tailored cyber kill chain model which can reflect the current
threat landscape and a four-layer deception stack, a two-dimensional taxonomy
is developed, based on which the deception techniques are classified. The
taxonomy literally answers which phases of a cyber attack campaign the
techniques can disrupt and which layers of the deception stack they belong to.
Cyber defenders may use the taxonomy as a reference to design an organized and
comprehensive deception plan, or to prioritize deception efforts for a budget
conscious solution. We also discuss two important points for achieving active
and resilient cyber defense, namely deception in depth and deception lifecycle,
where several notable proposals are illustrated. Finally, some outlooks on
future research directions are presented, including dynamic integration of
different deception techniques, quantified deception effects and deception
operation cost, hardware-supported deception techniques, as well as techniques
developed based on better understanding of the human element.
Comment: 19 page
Design of Dynamic and Personalized Deception: A Research Framework and New Insights
Deceptive defense techniques (e.g., intrusion detection, firewalls, honeypots, honeynets) are commonly used to prevent cyberattacks. However, most current defense techniques are generic and static, and are often learned and exploited by attackers. It is important to advance from static to dynamic forms of defense that can actively adapt a defense strategy according to the actions taken by individual attackers during an active attack. Our novel research approach relies on cognitive models and experimental games: Cognitive models aim at replicating an attacker’s behavior allowing the creation of personalized, dynamic deceptive defense strategies; experimental games help study human actions, calibrate cognitive models, and validate deceptive strategies. In this paper we offer the following contributions: (i) a general research framework for the design of dynamic, adaptive and personalized deception strategies for cyberdefense; (ii) a summary of major insights from experiments and cognitive models developed for security games of increased complexity; and (iii) a taxonomy of potential deception strategies derived from our research program so far.
A Survey of Network Requirements for Enabling Effective Cyber Deception
In the evolving landscape of cybersecurity, the utilization of cyber
deception has gained prominence as a proactive defense strategy against
sophisticated attacks. This paper presents a comprehensive survey that
investigates the crucial network requirements essential for the successful
implementation of effective cyber deception techniques. With a focus on diverse
network architectures and topologies, we delve into the intricate relationship
between network characteristics and the deployment of deception mechanisms.
This survey provides an in-depth analysis of prevailing cyber deception
frameworks, highlighting their strengths and limitations in meeting the
requirements for optimal efficacy. By synthesizing insights from both
theoretical and practical perspectives, we contribute to a comprehensive
understanding of the network prerequisites crucial for enabling robust and
adaptable cyber deception strategies.
DECEPTION BASED TECHNIQUES AGAINST RANSOMWARES: A SYSTEMATIC REVIEW
Ransomware is the most prevalent emerging business risk nowadays. It seriously affects business continuity and operations. According to Deloitte Cyber Security Landscape 2022, up to 4000 ransomware attacks occur daily, while the average number of days an organization takes to identify a breach is 191. Sophisticated cyber-attacks such as ransomware typically must go through multiple consecutive phases (initial foothold, network propagation, and action on objectives) before accomplishing its final objective. This study analyzed decoy-based solutions as an approach (detection, prevention, or mitigation) to overcome ransomware. A systematic literature review was conducted, in which the result has shown that deception-based techniques have given effective and significant performance against ransomware with minimal resources. It is also identified that contrary to general belief, deception techniques mainly involved in passive approaches (i.e., prevention, detection) possess other active capabilities such as ransomware traceback and obstruction (thwarting), file decryption, and decryption key recovery. Based on the literature review, several evaluation methods are also analyzed to measure the effectiveness of these deception-based techniques during the implementation process.
Game of Travesty: Decoy-based Psychological Cyber Deception for Proactive Human Agents
The concept of cyber deception has been receiving emerging attention. The
development of cyber defensive deception techniques requires interdisciplinary
work, among which cognitive science plays an important role. In this work, we
adopt a signaling game framework between a defender and a human agent to
develop a cyber defensive deception protocol that takes advantage of the
cognitive biases of human decision-making using quantum decision theory to
combat insider attacks (IA). The defender deceives an inside human attacker by
luring him to access decoy sensors via generators producing perceptions of
classical signals to manipulate the human attacker's psychological state of
mind. Our results reveal that even without changing the classical traffic data,
strategically designed generators can result in a worse performance for
defending against insider attackers in identifying decoys than the ones in the
deceptive scheme without generators, which generate random information based on
input signals. The proposed framework leads to fundamental theories in
designing more effective signaling schemes.
Collaborative Honeypot Defense in UAV Networks: A Learning-Based Game Approach
The proliferation of unmanned aerial vehicles (UAVs) opens up new
opportunities for on-demand service provisioning anywhere and anytime, but also
exposes UAVs to a variety of cyber threats. Low/medium interaction honeypots
offer a promising lightweight defense for actively protecting mobile Internet
of things, particularly UAV networks. While previous research has primarily
focused on honeypot system design and attack pattern recognition, the incentive
issue for motivating UAV's participation (e.g., sharing trapped attack data in
honeypots) to collaboratively resist distributed and sophisticated attacks
remains unexplored. This paper proposes a novel game-theoretical collaborative
defense approach to address optimal, fair, and feasible incentive design, in
the presence of network dynamics and UAVs' multi-dimensional private
information (e.g., valid defense data (VDD) volume, communication delay, and
UAV cost). Specifically, we first develop a honeypot game between UAVs and the
network operator under both partial and complete information asymmetry
scenarios. The optimal VDD-reward contract design problem with partial
information asymmetry is then solved using a contract-theoretic approach that
ensures budget feasibility, truthfulness, fairness, and computational
efficiency. In addition, under complete information asymmetry, we devise a
distributed reinforcement learning algorithm to dynamically design optimal
contracts for distinct types of UAVs in the time-varying UAV network. Extensive
simulations demonstrate that the proposed scheme can motivate UAV's cooperation
in VDD sharing and improve defensive effectiveness, compared with conventional
schemes.
Comment: Accepted Aug. 28, 2023 by IEEE Transactions on Information Forensics
& Security. arXiv admin note: text overlap with arXiv:2209.1381