This is a project funded by the US Army Research Office (W91NF-2020140). In this project, we develop a hypergame-theoretic defensive deception framework for tactical networks characterized by severe resource constraints, high operational tempo, or high hostility, based on the learning and subjective beliefs of attackers and a defender.

Wan-ZL/ARO-Foureye

Foureye: Cyber Defensive Deception based on Hypergame Theory for Tactical Networks

Conventional security mechanisms, such as access control mechanisms and intrusion detection systems, help deal with outside and inside threats but inadequately resist attackers subverting controls or posing new attacks. Deception is a third line of defense aiming to thwart potential attackers. The key idea of deception is to manipulate an attacker’s beliefs to mislead their decision making, inducing them to act suboptimally. Although game-theoretic approaches have been extensively explored for defensive deception, how to mislead an attacker’s belief by deception has not been investigated. Specifically, conventional game theory assumes that all players play the same game whereas in real life an attacker and defender may have different views of their conflict. Hypergame Theory (HT) has been applied to solve dynamic decision making accommodating uncertainty, incomplete information, and bounded rationality. HT is well-suited to modeling attack-defense interactions and has been applied to conflicts in adversarial settings. However, hypergame theory has not been leveraged for designing and analyzing defensive deception. We propose to apply defensive deception in tactical networks characterized by severe resource constraints, high operational tempo, high hostility, and the nature of distributed components, where an attacker and defender play a hypergame with a different view based on their learning and subjective beliefs. Specifically, we propose to develop a suite of effective and efficient deception techniques that can control an attacker’s belief and maximally mislead its decision making in carrying out its attack.
To this end, we identify three research tasks: (1) design and analyze an attack-defense hypergame using defensive deception techniques developed based on objectives, effectiveness, and risk along with an attack-defense tree to derive attack and defense strategies; (2) develop strategy selection algorithms where the attacker and defender’s beliefs and utilities are dynamically estimated under uncertainty; and (3) validate the performance of the proposed deception techniques based on cross-validation using multiple evaluation methods and realistic tactical application scenarios.
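
The point that an attacker and defender may play different games can be shown with a small first-level hypergame. This is an added illustration, not code from the Foureye repository or its papers; the strategy names, payoffs, costs and belief values are all constructed assumptions.

```python
# Constructed toy hypergame: the attacker's perceived game omits the
# defender's deception strategy. All names and numbers are illustrative.
ATTACKS = ["hit_server", "hit_workstation"]
DEFENSES = ["monitor_server", "monitor_workstation", "honeypot_server"]

# True attacker utility U_A[attack][defense] in the full game.
U_A = {
    "hit_server": {"monitor_server": -2, "monitor_workstation": 5, "honeypot_server": -4},
    "hit_workstation": {"monitor_server": 2, "monitor_workstation": -1, "honeypot_server": 2},
}
DEFENSE_COST = {"monitor_server": 0, "monitor_workstation": 0, "honeypot_server": 1}

# Attacker's subjective belief: it only knows about the two monitoring options.
ATTACKER_BELIEF = {"monitor_server": 0.4, "monitor_workstation": 0.6}

def defender_utility(attack, defense):
    """Defender gains what the attacker loses, minus the cost of the defense."""
    return -U_A[attack][defense] - DEFENSE_COST[defense]

def perceived_eu(attack, belief):
    """Attacker's expected utility inside its own perceived game."""
    return sum(p * U_A[attack][d] for d, p in belief.items())

def attacker_choice(belief):
    """Attacker best-responds to its belief, unaware of the honeypot."""
    return max(ATTACKS, key=lambda a: perceived_eu(a, belief))

def defender_choice(belief):
    """Defender knows the attacker's perceived game, predicts the attack,
    and best-responds in the full (true) game."""
    predicted = attacker_choice(belief)
    return max(DEFENSES, key=lambda d: defender_utility(predicted, d))

def cautious_attack_full_game():
    """Baseline: maximin attack if the attacker saw every defense strategy."""
    return max(ATTACKS, key=lambda a: min(U_A[a].values()))

def play(belief):
    """Resolve one round and report expected versus realized outcomes."""
    a, d = attacker_choice(belief), defender_choice(belief)
    return {"attack": a, "defense": d,
            "attacker_expected": perceived_eu(a, belief),
            "attacker_realized": U_A[a][d],
            "defender_realized": defender_utility(a, d)}

if __name__ == "__main__":
    print(play(ATTACKER_BELIEF))
    print("full-information maximin attack:", cautious_attack_full_game())
```

With these constructed numbers the attacker expects a gain from attacking the server but walks into the honeypot, whereas an attacker that saw the full game would cautiously choose the workstation.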

Papers

Foureye: Defensive Deception Against Advanced Persistent Threats via Hypergame Theory

Link: https://ieeexplore.ieee.org/abstract/document/9559403

A Survey of Defensive Deception: Approaches Using Game Theory and Machine Learning

Link: https://ieeexplore.ieee.org/abstract/document/9508449

Resisting Multiple Advanced Persistent Threats via Hypergame-Theoretic Defensive Deception

Existing defensive deception (DD) approaches apply game theory, assuming that an attacker and defender play the same, full game with all possible strategies. However, in deceptive settings, players may have different beliefs about the game itself. Such structural uncertainty is not naturally handled in traditional game theory. In this work, we formulate an attack-defense hypergame where multiple advanced persistent threat (APT) attackers and a single defender play a repeated game with different perceptions. The hypergame model systematically evaluates how various DD strategies can defend proactively against APT attacks. We present an adaptive method to select an optimal defense strategy using hypergame theory for strategic defense as well as machine learning for adaptive defense. We conducted in-depth experiments to analyze the performance of the eight schemes including ours, baselines, and existing counterparts. We found the DD strategies showed their highest advantages when the hypergame and machine learning are considered in terms of reduced false positives and negatives of the NIDS, system lifetime, and players’ perceived uncertainties and utilities. We also analyze the Hyper Nash Equilibrium of given hypergames and discuss the key findings and insights behind them.

Paper

Resisting Multiple Advanced Persistent Threats via Hypergame-Theoretic Defensive Deception

Link: https://ieeexplore.ieee.org/abstract/document/10040491

Cyber Deception for Mission Surveillance via Hypergame-Theoretic Deep Reinforcement Learning

Systems of Unmanned Aerial Vehicles (UAVs) or drones are valuable for mission-critical systems aiming for surveillance, searching, rescuing, or delivery. Not surprisingly, such systems attract cyberattacks, including Denial-of-Service (DoS) attacks to overwhelm the resources of a mission drone (MD). How can we defend such UAV-based mission systems against DoS attacks? We adopt a cyber deception as a defense strategy in which honey drones (HDs) equipped with lightweight virtual machines can bait and divert potential DoS attacks. The attack and the deceptive defense hinge upon radio signal strength: The attacker selects potential victim MDs based on their signals, and an HD attracts the attacker from afar by emitting a stronger signal. However, a strong signal reduces battery life. We formulate an optimization problem for the attacker and defender to identify their respective strategies to meet system goals, such as maximizing mission performance while minimizing energy consumption. We propose a novel approach, called HT-DRL, to compute optimal strategies under uncertainty based on deep reinforcement learning (DRL) guided by hypergame theory (HT). This will achieve a systematic way to intelligibly deceive DoS attackers. We experimentally analyze the performance of diverse defense mechanisms under different attack strategies. While traditional DRL approaches can reach better solutions with a long convergence time, HT-DRL is effective early in the training period, resulting in a significant reduction of convergence time. Further, the HT-DRL-based honey drone approach outperforms existing non-HD counterparts up to two times better in mission performance while incurring significantly low energy consumption when attackers use diverse ways to choose their strategies.

Paper

(Submitted to IEEE TDSC)

Acknowledgment

This work is partly supported by the Army Research Office under Grant Contract Number W911NF-20-2-0140. The views and conclusions contained in this document are those of the authors and should not be interpreted as representing the official policies, either expressed or implied, of the Army Research Office or the U.S. Government. The U.S. Government is authorized to reproduce and distribute reprints for Government purposes notwithstanding any copyright notation herein.
