Multi-Round Deception Games
Abstract
The use of deception in cyber defense has a long tradition, with honeypots and honeynets among the most popular examples. While there is evidence that deception can be highly effective even with sophisticated cyber attackers, neither the guiding principles of deception nor its optimal deployment as an active security tool are well understood. Instead, deception is commonly ad hoc and passive, focused on detecting and characterizing attacks. Our goal is to develop mathematical foundations for studying deception and to translate these methods into practical cyber defense. The approach we propose transforms the idea of guiding attackers through attack graphs into a formal and compact representation of defender-attacker interactions based on a novel class of factored partially-observable stochastic games (POSGs) which we term Dynamic Deception Games (DDGs). In DDGs, attackers and defenders imperfectly observe some of the state variables (e.g., network and attacker access). Attackers proceed through a sequence of steps by taking probing, monitoring, and exploit actions which stochastically transform the state. Defenders design the system architecture, including deception, and react to (partial, noisy) observations of attacker moves. In DDGs we consider both rational attackers and attackers with cognitive and computational bounds (e.g., learning attackers), allowing defenders to maximize the value of deception. In particular, the defender can exploit any cognitive bounds or mistakes of attackers. A unique feature of our approach is the integration of realistic models of information, computation, and learning of attackers to design optimal deception that steers attackers towards harmless states.
Document Details
- Document Type: DoD Grant Award
- Publication Date: May 06, 2019
- Source ID: W911NF1910241
Entities
People
- Yevgeniy Vorobeychik
Organizations
- Army Contracting Command
- United States Army
- Washington University in St. Louis