A Two-Stage Deception Game for Network Defense

  • Conference paper
Decision and Game Theory for Security (GameSec 2018)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 11199)

Abstract

Computer networks are always under threat from adversaries. Before launching any real attack, adversaries may scan and probe systems to gain key information. In this paper, we build a two-stage deception game to determine how to answer attackers’ scan and probe queries so as to minimize the defender’s expected loss. To obtain the optimal defense strategy, a sophisticated mixed integer program is formulated. To support fast computation in practice, a two-stage heuristic method is also developed based on the problem’s structural properties. Computational experiments show that, after the adversary scans the whole network, its probes against some hosts and how those probes are answered have a significant influence on the defender’s expected loss. Our heuristic method is able to produce high-quality solutions with drastically improved computational performance.

Author information

Corresponding author

Correspondence to Bo Zeng.

Copyright information

© 2018 Springer Nature Switzerland AG

About this paper

Cite this paper

Wang, W., Zeng, B. (2018). A Two-Stage Deception Game for Network Defense. In: Bushnell, L., Poovendran, R., Başar, T. (eds) Decision and Game Theory for Security. GameSec 2018. Lecture Notes in Computer Science, vol 11199. Springer, Cham. https://doi.org/10.1007/978-3-030-01554-1_33

  • DOI: https://doi.org/10.1007/978-3-030-01554-1_33

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-01553-4

  • Online ISBN: 978-3-030-01554-1

  • eBook Packages: Computer Science (R0)
