Dynamic Bayesian Games for Adversarial and Defensive Cyber Deception

  • Linan Huang
  • Quanyan ZhuEmail author


Security challenges accompany the efficiency. The pervasive integration of information and communications technologies (ICTs) makes cyber-physical systems vulnerable to targeted attacks that are deceptive, persistent, adaptive, and strategic. Attack instances such as Stuxnet, Dyn, and WannaCry ransomware have shown the insufficiency of off-the-shelf defensive methods including the firewall and intrusion detection systems. Hence, it is essential to design up-to-date security mechanisms that can mitigate the risks despite the successful infiltration and the strategic response of sophisticated attackers.

In this chapter, we use game theory to model competitive interactions between defenders and attackers. First, we use the static Bayesian game to capture the stealthy and deceptive characteristics of the attacker. A random variable called the type characterizes users’ essences and objectives, e.g., a legitimate user or an attacker. The realization of the user’s type is private information due to the cyber deception. Then, we extend the one-shot simultaneous interaction into the one-shot interaction with asymmetric information structure, i.e., the signaling game. Finally, we investigate the multi-stage transition under a case study of Advanced Persistent Threats (APTs) and Tennessee Eastman (TE) process. Two-sided incomplete information is introduced because the defender can adopt defensive deception techniques such as honeyfiles and honeypots to create sufficient amount of uncertainties for the attacker. Throughout this chapter, the analysis of the Nash equilibrium (NE), Bayesian Nash equilibrium (BNE), and perfect Bayesian Nash equilibrium (PBNE) enables the policy prediction of the adversary and the design of proactive and strategic defenses to deter attackers and mitigate losses.


Bayesian games Multi-stage transitions Advanced Persistent Threats (APTs) Cyber deception Proactive and strategic defense 


  1. 1.
    Aghassi, M., Bertsimas, D.: Robust game theory. Mathematical Programming 107(1–2), 231–273 (2006)MathSciNetCrossRefGoogle Scholar
  2. 2.
    Akerlof, G.A., Shiller, R.J.: Phishing for phools: The economics of manipulation and deception. Princeton University Press (2015)Google Scholar
  3. 3.
    Axelsson, S.: Intrusion detection systems: A survey and taxonomy. Tech. rep., Technical report (2000)Google Scholar
  4. 4.
    Chen, J., Zhu, Q.: Security investment under cognitive constraints: A gestalt Nash equilibrium approach. In: Information Sciences and Systems (CISS), 2018 52nd Annual Conference on, pp. 1–6. IEEE (2018)Google Scholar
  5. 5.
    Coppolino, L., D’Antonio, S., Romano, L., Spagnuolo, G.: An intrusion detection system for critical information infrastructures using wireless sensor network technologies. In: Critical Infrastructure (CRIS), 2010 5th International Conference on, pp. 1–8. IEEE (2010)Google Scholar
  6. 6.
  7. 7.
    Farhang, S., Manshaei, M.H., Esfahani, M.N., Zhu, Q.: A dynamic Bayesian security game framework for strategic defense mechanism design. In: Decision and Game Theory for Security, pp. 319–328. Springer (2014)Google Scholar
  8. 8.
    Harsanyi, J.C.: Games with incomplete information played by “Bayesian” players, i–iii part i. the basic model. Management science 14(3), 159–182 (1967)MathSciNetCrossRefGoogle Scholar
  9. 9.
    Horák, K., Zhu, Q., Bošanskỳ, B.: Manipulating adversary’s belief: A dynamic game approach to deception by design for proactive network security. In: International Conference on Decision and Game Theory for Security, pp. 273–294. Springer (2017)Google Scholar
  10. 10.
    Huang, L., Chen, J., Zhu, Q.: A large-scale Markov game approach to dynamic protection of interdependent infrastructure networks. In: International Conference on Decision and Game Theory for Security, pp. 357–376. Springer (2017)Google Scholar
  11. 11.
    Huang, L., Zhu, Q.: Adaptive strategic cyber defense for advanced persistent threats in critical infrastructure networks. In: ACM SIGMETRICS Performance Evaluation Review (2018)Google Scholar
  12. 12.
    Huang, L., Zhu, Q.: Analysis and computation of adaptive defense strategies against advanced persistent threats for cyber-physical systems. In: International Conference on Decision and Game Theory for Security (2018)Google Scholar
  13. 13.
    Jajodia, S., Ghosh, A.K., Swarup, V., Wang, C., Wang, X.S.: Moving target defense: creating asymmetric uncertainty for cyber threats, vol. 54. Springer Science & Business Media (2011)Google Scholar
  14. 14.
    Jajodia, S., Shakarian, P., Subrahmanian, V., Swarup, V., Wang, C.: Cyber warfare: building the scientific foundation, vol. 56. Springer (2015)Google Scholar
  15. 15.
    Lei, C., Ma, D.H., Zhang, H.Q.: Optimal strategy selection for moving target defense based on Markov game. IEEE Access 5, 156–169 (2017)CrossRefGoogle Scholar
  16. 16.
    Mahon, J.E.: The definition of lying and deception. In: E.N. Zalta (ed.) The Stanford Encyclopedia of Philosophy, winter 2016 edn. Metaphysics Research Lab, Stanford University (2016)Google Scholar
  17. 17.
    Maleki, H., Valizadeh, S., Koch, W., Bestavros, A., van Dijk, M.: Markov modeling of moving target defense games. In: Proceedings of the 2016 ACM Workshop on Moving Target Defense, pp. 81–92. ACM (2016)Google Scholar
  18. 18.
    Manshaei, M.H., Zhu, Q., Alpcan, T., Bacşar, T., Hubaux, J.P.: Game theory meets network security and privacy. ACM Computing Surveys (CSUR) 45(3), 25 (2013)CrossRefGoogle Scholar
  19. 19.
    Miao, F., Zhu, Q., Pajic, M., Pappas, G.J.: A hybrid stochastic game for secure control of cyber-physical systems. Automatica 93, 55–63 (2018)MathSciNetCrossRefGoogle Scholar
  20. 20.
    Pawlick, J., Colbert, E., Zhu, Q.: A game-theoretic taxonomy and survey of defensive deception for cybersecurity and privacy. arXiv preprint arXiv:1712.05441 (2017)Google Scholar
  21. 21.
    Pawlick, J., Colbert, E., Zhu, Q.: Modeling and analysis of leaky deception using signaling games with evidence. arXiv preprint arXiv:1804.06831 (2018)Google Scholar
  22. 22.
    Pawlick, J., Zhu, Q.: Deception by design: evidence-based signaling games for network defense. arXiv preprint arXiv:1503.05458 (2015)Google Scholar
  23. 23.
    Pawlick, J., Zhu, Q.: A Mean-Field Stackelberg Game Approach for Obfuscation Adoption in Empirical Risk Minimization. arXiv preprint arXiv:1706.02693 (2017). URL
  24. 24.
    Pawlick, J., Zhu, Q.: Proactive defense against physical denial of service attacks using Poisson signaling games. In: International Conference on Decision and Game Theory for Security, pp. 336–356. Springer (2017)Google Scholar
  25. 25.
    Rass, S., Alshawish, A., Abid, M.A., Schauer, S., Zhu, Q., De Meer, H.: Physical intrusion games–optimizing surveillance by simulation and game theory. IEEE Access 5, 8394–8407 (2017)CrossRefGoogle Scholar
  26. 26.
    Ricker, N.L.: Tennessee Eastman Challenge Archive. (2013)
  27. 27.
    Xu, Z., Zhu, Q.: A Game-Theoretic Approach to Secure Control of Communication-Based Train Control Systems Under Jamming Attacks. In: Proceedings of the 1st International Workshop on Safe Control of Connected and Autonomous Vehicles, pp. 27–34. ACM (2017). URL
  28. 28.
    Zhang, T., Zhu, Q.: Strategic defense against deceptive civilian GPS spoofing of unmanned aerial vehicles. In: International Conference on Decision and Game Theory for Security, pp. 213–233. Springer (2017)Google Scholar
  29. 29.
    Zhu, Q., Başar, T.: Game-theoretic approach to feedback-driven multi-stage moving target defense. In: International Conference on Decision and Game Theory for Security, pp. 246–263. Springer (2013)Google Scholar
  30. 30.
    Zhu, Q., Clark, A., Poovendran, R., Basar, T.: Deployment and exploitation of deceptive honeybots in social networks. In: Decision and Control (CDC), 2013 IEEE 52nd Annual Conference on, pp. 212–219. IEEE (2013)Google Scholar
  31. 31.
    Zhu, Q., Rass, S.: On multi-phase and multi-stage game-theoretic modeling of advanced persistent threats. IEEE Access 6, 13958–13971 (2018)CrossRefGoogle Scholar
  32. 32.
    Zhuang, J., Bier, V.M., Alagoz, O.: Modeling secrecy and deception in a multiple-period attacker–defender signaling game. European Journal of Operational Research 203(2), 409–418 (2010)MathSciNetCrossRefGoogle Scholar

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  1. 1.Department of Electrical and Computer EngineeringNew York UniversityBrooklynUSA

Personalised recommendations