- Md Abu Sayed (ORCID: https://orcid.org/0000-0002-5560-9150)
- Ahmed H. Anwar (ORCID: https://orcid.org/0000-0001-8907-3043)
- Christopher Kiekintveld (ORCID: https://orcid.org/0000-0003-0615-9584)
- Branislav Bosansky (ORCID: https://orcid.org/0000-0002-3841-9515)
- …
- Charles Kamhoua (ORCID: https://orcid.org/0000-0003-2169-5975)
Part of the book series: Lecture Notes in Computer Science (LNCS, volume 13727)
Abstract
Reconnaissance activities precede the other attack steps in the cyber kill chain. Zero-day attacks exploit unknown vulnerabilities and give attackers the upper hand against conventional defenses. Honeypots have been used to deceive attackers by misrepresenting the true state of the network, but existing work on cyber deception does not model zero-day attacks. In this paper, we address the question “How should honeypots be allocated over the network?” so as to protect its most valuable assets. To this end, we develop a two-player zero-sum game-theoretic approach to study the potential reconnaissance tracks and attack paths that attackers may use. However, zero-day attacks allow attackers to avoid placed honeypots by creating new attack paths. Therefore, we introduce a sensitivity analysis to investigate the impact of different zero-day vulnerabilities on the performance of the proposed deception technique. Next, based on this analysis, we propose several mitigating strategies to defend the network against zero-day attacks. Finally, our numerical results validate our findings and illustrate the effectiveness of the proposed defense approach.
Research was sponsored by the Army Research Laboratory and was accomplished under Cooperative Agreement Numbers W911NF-19-2-0150 and W911NF-13-2-0045 (ARL Cyber Security CRA). The views and conclusions contained in this document are those of the authors and should not be interpreted as representing the official policies, either expressed or implied, of the Army Research Laboratory or the U.S. Government. The U.S. Government is authorized to reproduce and distribute reprints for Government purposes notwithstanding any copyright notation herein. Branislav Bosansky was also supported by the Czech Science Foundation (no. 19-24384Y).
Author information
Authors and Affiliations
University of Texas at El Paso, El Paso, TX, 79968, USA
Md Abu Sayed & Christopher Kiekintveld
US Army Research Laboratory, Adelphi, MD, 20783, USA
Ahmed H. Anwar & Charles Kamhoua
Department of Computer Science, Faculty of Electrical Engineering, Czech Technical University in Prague, Prague, Czechia
Branislav Bosansky
Corresponding authors
Correspondence to Md Abu Sayed, Ahmed H. Anwar, Christopher Kiekintveld, Branislav Bosansky or Charles Kamhoua.
Editor information
Editors and Affiliations
Carnegie Mellon University, Pittsburgh, PA, USA
Fei Fang
University of Chicago, Chicago, IL, USA
Haifeng Xu
Université d'Avignon, Avignon, France
Yezekael Hayel
Copyright information
© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Sayed, M.A., Anwar, A.H., Kiekintveld, C., Bosansky, B., Kamhoua, C. (2023). Cyber Deception Against Zero-Day Attacks: A Game Theoretic Approach. In: Fang, F., Xu, H., Hayel, Y. (eds) Decision and Game Theory for Security. GameSec 2022. Lecture Notes in Computer Science, vol 13727. Springer, Cham. https://doi.org/10.1007/978-3-031-26369-9_3
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-26368-2
Online ISBN: 978-3-031-26369-9
eBook Packages: Computer Science, Computer Science (R0)