Abstract
A honeypot is a decoy computer system used in network security to waste the time and resources of attackers and to analyze their behaviors. While there has been significant research on how to design honeypot systems, less is known about how to use honeypots strategically in network defense. Based on formal deception games, we develop two game-theoretic models that provide insight into how valuable should honeypots look like to maximize the probability that a rational attacker will attack a honeypot. The first model captures a static situation and the second allows attackers to imperfectly probe some of the systems on the network to determine which ones are likely to be real systems (and not honeypots) before launching an attack. We formally analyze the properties of the optimal strategies in the games and provide linear programs for their computation. Finally, we present the optimal solutions for a set of instances of the games and evaluate their quality in comparison to several baselines.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Spitzner, L.: Honeypots: Tracking Hackers. Addison-Wesley Longman Publishing Co., Inc., Boston (2002)
Dornseif, M., Holz, T., Klein, C.N.: NoSEBrEaK - attacking honeynets. In: Proceedings from the Fifth Annual IEEE SMC Information Assurance Workshop, pp. 123–129 (June 2004)
Garg, N., Grosu, D.: Deception in Honeynets: A Game-Theoretic Analysis. In: IEEE Information Assurance Workshop, pp. 107–113 (2007)
McKelvey, R.D., McLennan, A.M., Turocy, T.L.: Gambit: Software Tools for Game Theory. Technical report, Version 0.2010.09.01 (2010)
Wagener, G., State, R., Dulaunoy, A., Engel, T.: Self Adaptive High Interaction Honeypots Driven by Game Theory. In: Guerraoui, R., Petit, F. (eds.) SSS 2009. LNCS, vol. 5873, pp. 741–755. Springer, Heidelberg (2009), http://dx.doi.org/10.1007/978-3-642-05118-0_51
Williamson, S.A., Varakantham, P., Hui, O.C., Gao, D.: Active Malware Analysis Using Stochastic Games. In: Proceedings of AAMAS, pp. 29–36 (2012)
Carroll, T.E., Grosu, D.: A game theoretic investigation of deception in network security. Security and Communication Networks 4(10), 1162–1172 (2011)
Hausken, K., Levitin, G.: Protection vs. false targets in series systems. Reliability Engineering & System Safety 94(5), 973–981 (2009)
Shoham, Y., Leyton-Brown, K.: Multiagent Systems: Algorithmic, Game-Theoretic, and Logical Foundations, pp. 130–144. Cambridge University Press (2009)
Paruchuri, P., Pearce, J., Marecki, J., Tambe, M., Ordonez, F., Kraus, S.: Playing games for security: an efficient exact algorithm for solving Bayesian Stackelberg games. In: Proceedings of AAMAS, pp. 895–902 (2008)
Spencer, J.: A deception game. American Mathematical Monthly, 416–417 (1973)
Lee, K.: On a deception game with three boxes. Int. Jour. of Game Theory 22(2), 89–95 (1993)
Cohen, F.: A Mathematical Structure of Simple Defensive Network Deception. Computers & Security 19(6), 520–528 (2000)
von Stengel, B.: Efficient Computation of Behavior Strategies. Games and Economic Behavior 14(2), 220–246 (1996)
Koller, D., Megiddo, N., von Stengel, B.: Efficient Computation of Equilibria for Extensive Two-Person Games. Games and Economic Behavior 14(2), 247–259 (1996)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2012 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Píbil, R., Lisý, V., Kiekintveld, C., Bošanský, B., Pěchouček, M. (2012). Game Theoretic Model of Strategic Honeypot Selection in Computer Networks. In: Grossklags, J., Walrand, J. (eds) Decision and Game Theory for Security. GameSec 2012. Lecture Notes in Computer Science, vol 7638. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-34266-0_12
Download citation
DOI: https://doi.org/10.1007/978-3-642-34266-0_12
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-34265-3
Online ISBN: 978-3-642-34266-0
eBook Packages: Computer ScienceComputer Science (R0)