Cyber Camouflage Games for Strategic Deception

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11836)


The rapid increase in cybercrime, causing a reported annual economic loss of $600 billion (Lewis 2018), has prompted a critical need for effective cyber defense. Strategic criminals conduct network reconnaissance prior to executing attacks to avoid detection and establish situational awareness via scanning and fingerprinting tools. Cyber deception attempts to foil these reconnaissance efforts by camouflaging network and system attributes to disguise valuable information. Game-theoretic models can identify decisions about strategically deceiving attackers, subject to domain constraints. A key challenge in effectively deploying an optimal deceptive strategy is modeling the objectives and the abilities of the attackers. To address this challenge, we present Cyber Camouflage Games (CCG), a general-sum game model that captures attackers who can be diversely equipped and motivated. We show that computing the optimal defender strategy is NP-hard even in the special case of unconstrained CCGs, and present an efficient approximate solution for it. We further provide an MILP formulation accelerated with cut-augmentation for the general constrained problem. Finally, we provide experimental evidence that our solution methods are efficient and effective.


Keywords: Game theory, Cyber deception, Optimization



This research was sponsored by the Army Research Office (grant W911NF-17-1-0370) and also in part by the National Science Foundation (grant IIS-1850477) and the Army Research Lab’s Cyber Security CRA (grant W911NF-13-2-00).


  1. Achleitner, S., La Porta, T., McDaniel, P., Sugrim, S., Krishnamurthy, S.V., Chadha, R.: Cyber deception: virtual networks to defend insider reconnaissance. In: Proceedings of the 8th ACM CCS International Workshop on Managing Insider Threats, pp. 57–68. ACM (2016)
  2. Albanese, M., Battista, E., Jajodia, S., Casola, V.: Manipulating the attacker’s view of a system’s attack surface. In: 2014 IEEE Conference on Communications and Network Security (CNS), pp. 472–480. IEEE (2014)
  3. Albanese, M., Battista, E., Jajodia, S.: Deceiving attackers by creating a virtual attack surface. In: Jajodia, S., Subrahmanian, V.S.S., Swarup, V., Wang, C. (eds.) Cyber Deception, pp. 169–201. Springer, Cham (2016)
  4. Alpcan, T., Başar, T.: Network security: a decision and game-theoretic approach (2010)
  5. Arkin, O., Yarochkin, F.: A fuzzy approach to remote active operating system fingerprinting (2003)
  6. Auffret, P.: SinFP, unification of active and passive operating system fingerprinting. J. Comput. Virol. 6(3), 197–205 (2010)
  7. Berrueta, D.B.: A practical approach for defeating Nmap OS-fingerprinting (2003)
  8. Breton, M., Alj, A., Haurie, A.: Sequential Stackelberg equilibria in two-person games. J. Optim. Theory Appl. (1988)
  9. Chadha, R., et al.: Cybervan: a cyber security virtual assured network testbed. In: MILCOM 2016–2016 IEEE Military Communications Conference (2016)
  10. De Gaspari, F., Jajodia, S., Mancini, L.V., Panico, A.: Ahead: a new architecture for active defense. In: Proceedings of the 2016 ACM Workshop on Automated Decision Making for Active Cyber Defense (2016)
  11. Durkota, K., Lisỳ, V., Bosanskỳ, B., Kiekintveld, C.: Optimal network security hardening using attack graph games. In: IJCAI (2015)
  12. Ferguson-Walter, K., LaFon, D., Shade, T.: Friend or faux: deception for cyber defense. J. Inf. Warfare 16, 28–42 (2017)
  13. Goel, V., Perlroth, N.: Yahoo Says 1 Billion User Accounts Were Hacked (2016)
  14. Guo, Q., Gan, J., Fang, F., Tran-Thanh, L., Tambe, M., An, B.: On the inducibility of Stackelberg equilibrium for security games. CoRR abs/1811.03823 (2018)
  15. Gutzmer, I.: Equifax Announces Cybersecurity Incident Involving Consumer Information (2017)
  16. Jiang, A.X., Chan, H., Leyton-Brown, K.: Resource graph games: a compact representation for games with structured strategy spaces. In: AAAI (2017)
  17. Joyce, R.: Disrupting nation state hackers. USENIX Association, San Francisco, CA (2016)
  18. Kiekintveld, C., Marecki, J., Tambe, M.: Approximation methods for infinite Bayesian Stackelberg games: modeling distributional payoff uncertainty. In: AAMAS (2011)
  19. Kiekintveld, C., Islam, T., Kreinovich, V.: Security games with interval uncertainty. In: AAMAS (2013)
  20. Laszka, A., Vorobeychik, Y., Koutsoukos, X.D.: Optimal personalized filtering against spear-phishing attacks. In: AAAI (2015)
  21. Lewis, J.: Economic impact of cybercrime (2018)
  22. Lyon, G.F.: Nmap network scanning: the official Nmap project guide to network discovery and security scanning (2009)
  23. MacFarland, D.C., Shue, C.A.: The SDN shuffle: creating a moving-target defense using host-based software-defined networking. In: Proceedings of the Second ACM Workshop on Moving Target Defense, pp. 37–41. ACM (2015)
  24. Mandiant: APT1: Exposing one of China’s cyber espionage units (2013)
  25. Nguyen, T.H., Yadav, A., An, B., Tambe, M., Boutilier, C.: Regret-based optimization and preference elicitation for Stackelberg security games with uncertainty. In: AAAI (2014)
  26. Peterson, A.: OPM says 5.6 million fingerprints stolen in cyberattack, five times as many as previously thought (2015)
  27. Pıbil, R., Lisỳ, V., Kiekintveld, C., Bošanskỳ, B., Pechoucek, M.: Game theoretic model of strategic honeypot selection in computer networks. In: Grossklags, J., Walrand, J. (eds.) GameSec 2012. LNCS, vol. 7638, pp. 201–220. Springer, Heidelberg (2012)
  28. Pita, J., Jain, M., Tambe, M., Ordóñez, F., Kraus, S.: Robust solutions to Stackelberg games. Artif. Intell. 174(15), 1142–1171 (2010)
  29. Rahman, M.A., Manshaei, M.H., Al-Shaer, E.: A game-theoretic approach for deceiving remote operating system fingerprinting. In: 2013 IEEE Conference on Communications and Network Security (CNS), pp. 73–81 (2013)
  30. Schlenker, A., et al.: Don’t bury your head in warnings: a game-theoretic approach for intelligent allocation of cyber-security alerts (2017)
  31. Schlenker, A., et al.: Deceiving cyber adversaries: a game theoretic approach. In: AAMAS (2018)
  32. Serra, E., Jajodia, S., Pugliese, A., Rullo, A., Subrahmanian, V.: Pareto-optimal adversarial defense of enterprise systems. ACM Trans. Inf. Syst. Secur. (TISSEC) 17(3), 11 (2015)
  33. Sinha, A., Malo, P., Deb, K.: A review on bilevel optimization: from classical to evolutionary approaches and applications. IEEE Trans. Evol. Comput. 22(2), 276–295 (2018)
  34. von Stengel, B., Zamir, S.: Leadership with commitment to mixed strategies. Technical report (2004)
  35. Tambe, M.: Security and game theory: algorithms, deployed systems, lessons learned (2011)
  36. Thinkst: Canary (2015)
  37. Tijs, S.H.: Nash equilibria for noncooperative n-person games in normal form. SIAM Rev. (1981)

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  1. University of Southern California, Los Angeles, USA
  2. University of Virginia, Charlottesville, USA
  3. University of Texas at El Paso, El Paso, USA
  4. Carnegie Mellon University, Pittsburgh, USA
