Abstract
A great deal of effort is devoted to detecting the presence of cyber attacks so that defenders can respond to protect the network and mitigate the damage of the attack. Going beyond detection, identifying in as much detail as possible what specific type of attacker the defender is facing (e.g., their goals, capabilities, and tactics) can lead to better defensive strategies and may help with eventual attribution of attacks. However, attackers may wish to avoid both detection and identification, blending in or appearing to be a different type of attacker. We present a game-theoretic approach for optimizing defensive deception actions (e.g., honeypots) with the specific goal of identifying the attacker type as early as possible in an attack. We present case studies showing how this approach works, and initial simulation results from a general model that captures this problem.
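The following is an added illustration of the identification problem the abstract describes; it is not the paper's model, case studies, or code. It assumes a constructed toy network: three hypothetical attacker types (espionage, financial, ransomware) with made-up utility weights over host tags, two real hosts, four candidate honeypots, a deterministic best-responding attacker, and the assumption that only honeypot interactions are observable by the defender. The defender chooses the k honeypots that maximise the probability that the attacker's first observed action identifies its type, and then performs a Bayesian update on the type once an observation arrives.

```python
"""Honeypot placement for early attacker-type identification (illustrative).

Constructed model for this page, not the paper's:
- A finite set of attacker types, each with a prior and a utility weight per host tag.
- Real hosts are visible to the attacker but produce no defender observation.
- Honeypots carry a tag and a small lure bonus; touching one is the only observation.
- Each type best-responds (argmax utility) to the set of visible hosts.
- The defender picks the k honeypots maximising the probability that the MAP guess
  made after the first observation is the true type.
"""
from itertools import combinations

LURE_BONUS = 0.2   # decoys advertise weak services, so they look slightly more valuable
NO_ALERT = "none"  # attacker touched a real host: no honeypot fired, nothing observed

# Constructed attacker profiles (hypothetical, not taken from any threat report).
ATTACKER_TYPES = {
    "espionage":  {"prior": 1 / 3, "weights": {"file-server": 3.0, "dev": 2.0, "payment": 0.5, "db": 1.0}},
    "financial":  {"prior": 1 / 3, "weights": {"file-server": 0.5, "dev": 0.5, "payment": 3.0, "db": 2.0}},
    "ransomware": {"prior": 1 / 3, "weights": {"file-server": 2.0, "dev": 1.0, "payment": 2.0, "db": 3.0}},
}
REAL_HOSTS = {"srv-files": "file-server", "srv-pay": "payment"}  # constructed
CANDIDATE_HONEYPOTS = {"hp-dev": "dev", "hp-db": "db", "hp-files": "file-server", "hp-pay": "payment"}


def best_response(attacker_type, deployment):
    """Host the given type attacks first (argmax utility over visible hosts).

    Returns (host, is_honeypot). Ties resolve to the first host in iteration order,
    real hosts being considered before honeypots."""
    weights = ATTACKER_TYPES[attacker_type]["weights"]
    best_host, best_util, best_is_hp = None, float("-inf"), False
    for host, tag in REAL_HOSTS.items():
        if weights[tag] > best_util:
            best_host, best_util, best_is_hp = host, weights[tag], False
    for host in deployment:
        util = weights[CANDIDATE_HONEYPOTS[host]] + LURE_BONUS
        if util > best_util:
            best_host, best_util, best_is_hp = host, util, True
    return best_host, best_is_hp


def observation(attacker_type, deployment):
    """What the defender sees: the honeypot name, or NO_ALERT for a real-host touch."""
    host, is_hp = best_response(attacker_type, deployment)
    return host if is_hp else NO_ALERT


def posterior(deployment, obs):
    """Bayes update P(type | obs). With a deterministic attacker, P(obs | type) is 0 or 1."""
    joint = {t: spec["prior"] * (1.0 if observation(t, deployment) == obs else 0.0)
             for t, spec in ATTACKER_TYPES.items()}
    z = sum(joint.values())
    if z == 0:
        raise ValueError(f"observation {obs!r} is impossible under this model")
    return {t: p / z for t, p in joint.items()}


def identification_accuracy(deployment):
    """Probability the MAP guess after the first observation is correct:
    sum over observations o of max_t P(t) * P(o | t)."""
    by_obs = {}
    for t, spec in ATTACKER_TYPES.items():
        by_obs.setdefault(observation(t, deployment), []).append(spec["prior"])
    return sum(max(priors) for priors in by_obs.values())


def best_deployment(k):
    """Exhaustively pick the k-subset of candidate honeypots with the highest accuracy.
    On ties, the first subset in combination order wins."""
    candidates = list(combinations(CANDIDATE_HONEYPOTS, k))
    best = max(candidates, key=identification_accuracy)
    return tuple(best), identification_accuracy(best)


if __name__ == "__main__":
    for k in (1, 2):
        dep, acc = best_deployment(k)
        print(f"k={k}: deploy {dep} -> identification accuracy {acc:.2f}")
        for t in ATTACKER_TYPES:
            obs = observation(t, dep)
            print(f"   {t:<11} first touches {obs:<9} posterior {posterior(dep, obs)}")
```

With one honeypot the best the defender can do is separate one type from the other two (the two types that go for real hosts produce the same "no alert" observation); with two honeypots placed on the db and file-server tags every type's first move is distinguishable. The caveat the abstract raises is exactly what this toy model omits: the attacker here is a myopic best-responder, whereas a stealthy attacker who anticipates the decoys can deliberately make another type's first move and collapse the separation, which is why the paper treats the problem as a game rather than a one-sided placement optimisation.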
Acknowledgment
This research was sponsored by the U.S. Army Combat Capabilities Development Command Army Research Laboratory and was accomplished under Cooperative Agreement Number W911NF-13-2-0045 (ARL Cyber Security CRA). The views and conclusions contained in this document are those of the authors and should not be interpreted as representing the official policies, either expressed or implied, of the Combat Capabilities Development Command Army Research Laboratory or the U.S. Government. The U.S. Government is authorized to reproduce and distribute reprints for Government purposes notwithstanding any copyright notation hereon.
© 2019 Springer Nature Switzerland AG
Cite this paper
Basak, A., Kamhoua, C., Venkatesan, S., Gutierrez, M., Anwar, A.H., Kiekintveld, C. (2019). Identifying Stealthy Attackers in a Game Theoretic Framework Using Deception. In: Alpcan, T., Vorobeychik, Y., Baras, J., Dán, G. (eds) Decision and Game Theory for Security. GameSec 2019. Lecture Notes in Computer Science(), vol 11836. Springer, Cham. https://doi.org/10.1007/978-3-030-32430-8_2
DOI: https://doi.org/10.1007/978-3-030-32430-8_2
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-32429-2
Online ISBN: 978-3-030-32430-8