Abstract
Defense-by-deception is an effective technique to address the asymmetry challenges in cyberwarfare. It allows not only for misleading attackers toward non-harmful goals but also for systematic depletion of attacker resources. In this paper, we developed a game-theoretic framework that considers attribution, temptation and expectation as the major components for planning a successful deception plan. As a case study, we developed a game strategy to proactively deceive remote fingerprinting attackers without causing significant performance degradation to benign clients. We model and analyze the interaction between a fingerprinter and a target as a signaling game. We derive the Nash equilibrium strategy profiles based on the information gain analysis. Based on our game results, we design DeceiveGame, a mechanism to prevent or to significantly slow down fingerprinting attacks. Our performance analysis shows that DeceiveGame can reduce the probability of success of the fingerprinter significantly, without deteriorating the overall performance of other clients. Beyond the DeceiveGame application, our formal framework can be generally used to synthesize correct-by-construction cyber deception plans against other attacks.
Notes
1. The sender strategy profile \((a,b)\) means that it plays \(a\) for the type \(\theta\) and \(b\) for the type \(1-\theta\). In case of the target, \((a,b)\) means that it plays \(a\) following the Greedy action and \(b\) following the Normal action of the sender.
Copyright information
© 2015 Springer International Publishing Switzerland
About this chapter
Cite this chapter
Al-Shaer, E., Rahman, M. (2015). Attribution, Temptation, and Expectation: A Formal Framework for Defense-by-Deception in Cyberwarfare. In: Jajodia, S., Shakarian, P., Subrahmanian, V., Swarup, V., Wang, C. (eds) Cyber Warfare. Advances in Information Security, vol 56. Springer, Cham. https://doi.org/10.1007/978-3-319-14039-1_4
DOI: https://doi.org/10.1007/978-3-319-14039-1_4
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-14038-4
Online ISBN: 978-3-319-14039-1
eBook Packages: Computer Science, Computer Science (R0)