Abstract
Identifying the actual adversarial threat against a system vulnerability has been a long-standing challenge for cybersecurity research. To determine an optimal strategy for the defender, game-theory-based decision models have been widely used to simulate real-world attacker-defender scenarios while taking the defender's constraints into consideration. In this work, we focus on understanding human attacker behaviors in order to optimize the defender's strategy. To achieve this goal, we model attacker-defender engagements as Markov Games and search for their Bayesian Stackelberg Equilibrium. We validate our modeling approach and report our empirical findings using a Capture-The-Flag (CTF) setup, and we conduct user studies on adversaries with varying skill levels. Our studies show that application-level deceptions are an optimal mitigation strategy against targeted attacks—outperforming classic cyber-defensive maneuvers, such as patching or blocking network requests. We use this result to further hypothesize about the attacker's behaviors when trapped in an embedded honeypot environment and present a detailed analysis of those behaviors.
S. Bhambri and P. Chauhan—These authors contributed equally to this work.
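The modelling step named in the abstract (the defender commits to a mixed strategy, attacker types of varying skill observe it and best-respond, and the commitment is optimised) carried out on a constructed toy game; this is an added example, not code or data from the paper, and the action names, type prior and every payoff number are assumptions.

```python
"""Bayesian Stackelberg equilibrium of a one-shot attacker-defender game.

Constructed illustration (not the paper's code or data): the defender commits
to a mixed strategy over {patch, block, deceive}; each attacker type, drawn from
a known prior over skill levels, observes that commitment and best-responds.
Attacker payoffs are what the attacker perceives when deciding: a honey-patched
target looks exploitable, which is how deception enters the game.
"""
DEF_ACTIONS = ("patch", "block", "deceive")
ATK_ACTIONS = ("attack", "abstain")
PRIOR = {"novice": 0.6, "expert": 0.4}  # assumed distribution over attacker types

# PAYOFFS[type][defender action][attacker action] = (defender, attacker) utility
PAYOFFS = {
    "novice": {"patch":   {"attack": (0.0, -1.0), "abstain": (-0.2, 0.0)},
               "block":   {"attack": (-1.0, 1.0), "abstain": (-0.3, 0.0)},
               "deceive": {"attack": (3.0, 1.0), "abstain": (-0.5, 0.0)}},
    "expert": {"patch":   {"attack": (-2.0, 1.0), "abstain": (-0.2, 0.0)},
               "block":   {"attack": (-4.0, 3.0), "abstain": (-0.3, 0.0)},
               "deceive": {"attack": (4.0, -0.5), "abstain": (-0.5, 0.0)}},  # expert often spots the trap
}

def expected(atype, strategy, atk_action):
    """(defender, attacker) expected utility of `atk_action` against the mix."""
    pairs = [(p, PAYOFFS[atype][d][atk_action]) for d, p in strategy.items()]
    return sum(p * ud for p, (ud, _) in pairs), sum(p * ua for p, (_, ua) in pairs)

def best_response(atype, strategy):
    """Attacker type's best reply; ties broken in the defender's favour (strong SSE)."""
    scored = [(a, *expected(atype, strategy, a)) for a in ATK_ACTIONS]
    top = max(ua for _, _, ua in scored)
    tied = [s for s in scored if s[2] >= top - 1e-9]
    return max(tied, key=lambda s: s[1])[0]

def defender_value(strategy):
    """Defender's expected utility once every attacker type best-responds."""
    return sum(PRIOR[t] * expected(t, strategy, best_response(t, strategy))[0]
               for t in PRIOR)

def stackelberg_equilibrium(steps=100):
    """Grid search over the simplex (the multiple-LP method would be exact)."""
    best, best_value = None, float("-inf")
    for i in range(steps + 1):
        for j in range(steps + 1 - i):
            mix = dict(zip(DEF_ACTIONS, (i / steps, j / steps, (steps - i - j) / steps)))
            value = defender_value(mix)
            if value > best_value:
                best, best_value = mix, value
    return best, best_value
```

Calling `stackelberg_equilibrium()` returns the committed mix and its expected utility; with these assumed payoffs the best pure strategy is `deceive`, and the optimal mix keeps most of its mass on `deceive` while a small share of `block` keeps the expert type engaged.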
Acknowledgements
This work was supported in part by U.S. ACC-APG/DARPA award W912CG-19-C-0003 and the U.S. Army Research Laboratory under Cooperative Agreement Number W911NF-13-2-0045. Any opinions, recommendations, or conclusions expressed are those of the authors and should not be interpreted as representing the official views or policies of the Department of Defense or the U.S. Government. Approved for Public Release, Distribution Unlimited. We would also like to thank Sailik Sengupta for his useful insights, helpful discussions and feedback on this work.
© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG
Cite this paper
Bhambri, S., Chauhan, P., Araujo, F., Doupé, A., Kambhampati, S. (2023). Using Deception in Markov Game to Understand Adversarial Behaviors Through a Capture-The-Flag Environment. In: Fang, F., Xu, H., Hayel, Y. (eds) Decision and Game Theory for Security. GameSec 2022. Lecture Notes in Computer Science, vol 13727. Springer, Cham. https://doi.org/10.1007/978-3-031-26369-9_5
DOI: https://doi.org/10.1007/978-3-031-26369-9_5
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-26368-2
Online ISBN: 978-3-031-26369-9
eBook Packages: Computer Science, Computer Science (R0)