W911NF-17-S-0002: A Framework for Asymmetric Information Interactions among (Cyber) Defenders and Attackers

Abstract

Engaging with and deceiving attackers into intruding controlled systems and accessing obscured data offers a proactive approach to computer and information security. It wastes attacker resources and misleads the attacker. It also offers an untapped opportunity to understand the attackersÕ beliefs, capabilities, and preferences and how they evolve as the attacker engages in its malicious behavior. Identifying these mental and physical states not only informs the defender about the attackerÕs intent, but also guides new ways of deceiving the attacker. This research aims to computationally model cyber deception. Toward this, it is building a mathematical framework for modeling extended and sequential interactions between adversarial agents. Deception generally involves belief manipulation, which occurs when there is information asymmetry between the agents. The proposed framework views agents as being boundedly rational. They reason about othersÕ reasoning about others up to a finite depth. Due to cognitive limitations, some agents are more strategic than others thereby enabling deception. The investigations over three years will make early inroads into rigorously understanding and helping build a foundational science of cyber deception. PI Doshi, a recognized expert on decision making under uncertainty in multiagent settings, assisted by a multidisciplinary team comprising of a cyber security forensics researcher and a cognitive psychologist, will seek answers to questions such as: Can we perceive cyber deception through the lens of cognitive, belief-based, and social theories? How do we formalize associated notions such as belief manipulation and information asymmetry? The research is (i) building a new framework within which non-cooperative and heterogeneous agents interact using principled and innovative methods; (ii) utilizing the framework to establish the situational and mental conditions under which defenders can successfully deceive cyber attackers in various ways; and (iii) demonstrate the utility of this framework toward computer security through meaningful evaluations using existing compromised system audit data sets and by deploying on live honey pots. This research is particularly relevant to the Army because of the latterÕs critical need to safeguard national tactical secrets against constant cyber attacks. A fundamental understanding of the adversary in cyber space and its interactions with ArmyÕs systems will set the stage for developing new proactive cyber deception techniques. This project will not have any significant impact on the natural environment. It will employ multiple graduate students thereby contributing to the STEM workforce of the nation. The submitting organization, University of Georgia Research Foundation, Inc., has extensive experience in contracting with the department of defense.

Document Details

Document Type

DoD Grant Award

Publication Date

Feb 19, 2019

Source ID

W911NF1810288

Entities

Tags