Abstract
Honeypots are a classic cyber-deceptive technique that allows a defender to add false information into the system in an effort to deter/delay/distract potential attackers. However, the effectiveness of honeypots is dependent on their design along with the environment into which they are deployed. In this work, we consider the scenario where there is a collection of honeypots along with a set of fake credentials. In the first part of the paper, we uncover fundamental bounds that relate to how long these deceptive elements remain effective. In the second part of the paper, we take our results one step further and analyze a two-person game where the attacker attempts to access desired resources within a system according to a preference model and the defender attempts to design honeypots that slow attacker progress. While prior work has demonstrated the defender’s ability to learn attacker preferences by observing the attacker’s actions, we enrich both parties’ action spaces by allowing the attacker to query whether a server is real or a honeypot and by allowing the defender to choose between honeypots that better reveal attacker behavior, or honeypots that exploit current knowledge of attacker behavior. In this setting, we provide and analyze optimal strategies for the attacker, along with a learning bound for and simulation of defender strategies.
Copyright information
© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Cromp, S., Bilinski, M., Gabrys, R., Sala, F. (2023). The Credential is Not Enough: Deception with Honeypots and Fake Credentials. In: Fu, J., Kroupa, T., Hayel, Y. (eds) Decision and Game Theory for Security. GameSec 2023. Lecture Notes in Computer Science, vol 14167. Springer, Cham. https://doi.org/10.1007/978-3-031-50670-3_12
DOI: https://doi.org/10.1007/978-3-031-50670-3_12
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-50669-7
Online ISBN: 978-3-031-50670-3
eBook Packages: Computer Science, Computer Science (R0)