Abstract
The rapid increase in cybercrime, causing a reported annual economic loss of $600 billion (Lewis 2018), has prompted a critical need for effective cyber defense. Strategic criminals conduct network reconnaissance prior to executing attacks to avoid detection and establish situational awareness via scanning and fingerprinting tools. Cyber deception attempts to foil these reconnaissance efforts by camouflaging network and system attributes to disguise valuable information. Game-theoretic models can identify decisions about strategically deceiving attackers, subject to domain constraints. A key challenge in effectively deploying an optimal deceptive strategy is modeling the objectives and the abilities of the attackers. To address this challenge, we present Cyber Camouflage Games (CCG), a general-sum game model that captures attackers who can be diversely equipped and motivated. We show that computing the optimal defender strategy is NP-hard even in the special case of unconstrained CCGs, and present an efficient approximate solution for it. We further provide an MILP formulation accelerated with cut-augmentation for the general constrained problem. Finally, we provide experimental evidence that our solution methods are efficient and effective.
Keywords
- Game theory
- Cyber deception
- Optimization
Notes
1. The additional constant \(M\) can simply be replaced by \(\max _{i, i'} |v^\mathrm{a}_i- v^\mathrm{a}_{i'}|\) and \(\max _{i, i'} |v^\mathrm{d}_i- v^\mathrm{d}_{i'}|\), respectively, in the 3rd and 4th constraints.
References
Achleitner, S., La Porta, T., McDaniel, P., Sugrim, S., Krishnamurthy, S.V., Chadha, R.: Cyber deception: virtual networks to defend insider reconnaissance. In: Proceedings of the 8th ACM CCS International Workshop on Managing Insider Threats, pp. 57–68. ACM (2016)
Albanese, M., Battista, E., Jajodia, S., Casola, V.: Manipulating the attacker’s view of a system’s attack surface. In: 2014 IEEE Conference on Communications and Network Security (CNS), pp. 472–480. IEEE (2014)
Albanese, M., Battista, E., Jajodia, S.: Deceiving attackers by creating a virtual attack surface. In: Jajodia, S., Subrahmanian, V.S.S., Swarup, V., Wang, C. (eds.) Cyber Deception, pp. 169–201. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-32699-3_8
Alpcan, T., Başar, T.: Network security: a decision and game-theoretic approach (2010)
Arkin, O., Yarochkin, F.: A fuzzy approach to remote active operating system fingerprinting (2003). http://www.syssecurity.com/archive/papers/Xprobe2.pdf
Auffret, P.: SinFP, unification of active and passive operating system fingerprinting. J. Comput. Virol. 6(3), 197–205 (2010). https://doi.org/10.1007/s11416-008-0107-z
Berrueta, D.B.: A practical approach for defeating Nmap OS-fingerprinting (2003)
Breton, M., Alj, A., Haurie, A.: Sequential Stackelberg equilibria in two-person games. J. Optim. Theory Appl. (1988). https://doi.org/10.1007/BF00939867
Chadha, R., et al.: Cybervan: a cyber security virtual assured network testbed. In: MILCOM 2016–2016 IEEE Military Communications Conference (2016). https://doi.org/10.1109/MILCOM.2016.7795481
De Gaspari, F., Jajodia, S., Mancini, L.V., Panico, A.: Ahead: a new architecture for active defense. In: Proceedings of the 2016 ACM Workshop on Automated Decision Making for Active Cyber Defense (2016)
Durkota, K., Lisỳ, V., Bosanskỳ, B., Kiekintveld, C.: Optimal network security hardening using attack graph games. In: IJCAI (2015)
Ferguson-Walter, K., LaFon, D., Shade, T.: Friend or faux: deception for cyber defense. J. Inf. Warfare 16, 28–42 (2017)
Goel, V., Perlroth, N.: Yahoo Says 1 Billion User Accounts Were Hacked (2016). https://www.nytimes.com/2016/12/14/technology/yahoo-hack.html
Guo, Q., Gan, J., Fang, F., Tran-Thanh, L., Tambe, M., An, B.: On the inducibility of Stackelberg equilibrium for security games. CoRR abs/1811.03823 (2018)
Gutzmer, I.: Equifax Announces Cybersecurity Incident Involving Consumer Information (2017). https://investor.equifax.com/news-and-events/news/2017/09-07-2017-213000628
Jiang, A.X., Chan, H., Leyton-Brown, K.: Resource graph games: a compact representation for games with structured strategy spaces. In: AAAI (2017)
Joyce, R.: Disrupting nation state hackers. USENIX Association, San Francisco, CA (2016)
Kiekintveld, C., Marecki, J., Tambe, M.: Approximation methods for infinite Bayesian Stackelberg games: modeling distributional payoff uncertainty. In: AAMAS (2011). http://dl.acm.org/citation.cfm?id=2034396.2034412
Kiekintveld, C., Islam, T., Kreinovich, V.: Security games with interval uncertainty. In: AAMAS (2013)
Laszka, A., Vorobeychik, Y., Koutsoukos, X.D.: Optimal personalized filtering against spear-phishing attacks. In: AAAI (2015)
Lewis, J.: Economic impact of cybercrime (2018). https://www.csis.org/analysis/economic-impact-cybercrime
Lyon, G.F.: Nmap network scanning: the official Nmap project guide to network discovery and security scanning (2009)
MacFarland, D.C., Shue, C.A.: The SDN shuffle: creating a moving-target defense using host-based software-defined networking. In: Proceedings of the Second ACM Workshop on Moving Target Defense, pp. 37–41. ACM (2015)
Mandiant: APT1: Exposing one of China’s cyber espionage units (2013)
Nguyen, T.H., Yadav, A., An, B., Tambe, M., Boutilier, C.: Regret-based optimization and preference elicitation for Stackelberg security games with uncertainty. In: AAAI (2014). http://dl.acm.org/citation.cfm?id=2893873.2893991
Peterson, A.: OPM says 5.6 million fingerprints stolen in cyberattack, five times as many as previously thought (2015). https://www.washingtonpost.com/news/the-switch/wp/2015/09/23/opm-now-says-more-than-five-million-fingerprints-compromised-in-breaches
Pıbil, R., Lisỳ, V., Kiekintveld, C., Bošanskỳ, B., Pechoucek, M.: Game theoretic model of strategic honeypot selection in computer networks. In: Grossklags, J., Walrand, J. (eds.) GameSec 2012. LNCS, vol. 7638, pp. 201–220. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-34266-0_12
Pita, J., Jain, M., Tambe, M., Ordóñez, F., Kraus, S.: Robust solutions to Stackelberg games. Artif. Intell. 174(15), 1142–1171 (2010). https://doi.org/10.1016/j.artint.2010.07.002
Rahman, M.A., Manshaei, M.H., Al-Shaer, E.: A game-theoretic approach for deceiving remote operating system fingerprinting. In: 2013 IEEE Conference on Communications and Network Security (CNS), pp. 73–81 (2013)
Schlenker, A., et al.: Don’t bury your head in warnings: a game-theoretic approach for intelligent allocation of cyber-security alerts (2017)
Schlenker, A., et al.: Deceiving cyber adversaries: a game theoretic approach. In: AAMAS (2018). http://dl.acm.org/citation.cfm?id=3237383.3237833
Serra, E., Jajodia, S., Pugliese, A., Rullo, A., Subrahmanian, V.: Pareto-optimal adversarial defense of enterprise systems. ACM Trans. Inf. Syst. Secur. (TISSEC) 17(3), 11 (2015)
Sinha, A., Malo, P., Deb, K.: A review on bilevel optimization: from classical to evolutionary approaches and applications. IEEE Trans. Evol. Comput. 22(2), 276–295 (2018). https://doi.org/10.1109/TEVC.2017.2712906
von Stengel, B., Zamir, S.: Leadership with commitment to mixed strategies. Technical report (2004)
Tambe, M.: Security and game theory: algorithms, deployed systems, lessons learned (2011)
Thinkst: Canary (2015). https://canary.tools/
Tijs, S.H.: Nash equilibria for noncooperative n-person games in normal form. SIAM Rev. (1981). http://www.jstor.org/stable/2029993
Acknowledgements
This research was sponsored by the Army Research Office (grant W911NF-17-1-0370) and also in part by the National Science Foundation (grant IIS-1850477) and the Army Research Lab’s Cyber Security CRA (grant W911NF-13-2-00).
Appendix
Complete MILP formulation for OP (2)
We let \(\underline{v}^\mathrm{d}\), \(\overline{v}^\mathrm{d}\) denote the least and the highest defender valuations, and similarly, \(\underline{v}^\mathrm{a}\), \(\overline{v}^\mathrm{a}\) the least and the highest attacker valuations. To linearize, we let the variables \(X_{kj}\), \(Y_{kj}\), and \(Z_{kj}\) represent the bilinear terms \((1 - q_j)\varTheta _{kj}\), \(\alpha \varTheta _{kj}\), and \(\gamma \varTheta _{kj}\), respectively, and add linear constraints that enforce the appropriate product value on each of them. The resultant MILP is as follows.

Copyright information
© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
Thakoor, O., Tambe, M., Vayanos, P., Xu, H., Kiekintveld, C., Fang, F. (2019). Cyber Camouflage Games for Strategic Deception. In: Alpcan, T., Vorobeychik, Y., Baras, J., Dán, G. (eds) Decision and Game Theory for Security. GameSec 2019. Lecture Notes in Computer Science, vol 11836. Springer, Cham. https://doi.org/10.1007/978-3-030-32430-8_31
DOI: https://doi.org/10.1007/978-3-030-32430-8_31
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-32429-2
Online ISBN: 978-3-030-32430-8
eBook Packages: Computer Science (R0)