SpringerLink
Log in

Honeypot Allocation for Cyber Deception in Dynamic Tactical Networks: A Game Theoretic Approach

  • Conference paper
  • First Online:
Decision and Game Theory for Security (GameSec 2023)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 14167))

Included in the following conference series:

  • 320 Accesses

Abstract

Honeypots play a crucial role in implementing various cyber deception techniques as they possess the capability to divert attackers away from valuable assets. Careful strategic placement of honeypots in networks should consider not only network aspects but also attackers’ preferences. The allocation of honeypots in tactical networks under network mobility is of great interest. To achieve this objective, we present a game-theoretic approach that generates optimal honeypot allocation strategies within an attack/defense scenario. Our proposed approach takes into consideration the changes in network connectivity. In particular, we introduce a two-player dynamic game model that explicitly incorporates the future state evolution resulting from changes in network connectivity. The defender’s objective is twofold: to maximize the likelihood of the attacker hitting a honeypot and to minimize the cost associated with deception and reconfiguration due to changes in network topology. We present an iterative algorithm to find Nash equilibrium strategies and analyze the scalability of the algorithm. Finally, we validate our approach and present numerical results based on simulations, demonstrating that our game model successfully enhances network security. Additionally, we have proposed additional enhancements to improve the scalability of the proposed approach.

Distribution Statement A: Approved for public release. Distribution is unlimited. Research was sponsored by the DEVCOM Army Research Laboratory and was accomplished under Cooperative Agreement Numbers W911NF-23-2-0012 and W911NF-13-2-0045 (ARL Cyber Security CRA). The views and conclusions contained in this document are those of the authors and should not be interpreted as representing the official policies, either expressed or implied, of the Army Research Laboratory or the U.S. Government. The U.S. Government is authorized to reproduce and distribute reprints for Government purposes notwithstanding any copyright notation herein.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
EUR 32.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or Ebook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 59.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 74.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free ship** worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

Notes

  1. 1.

    Non-leaf nodes can be predecessor of at least one node.

References

  1. Mandiant Intelligence Center. Apt1: Exposing one of China’s cyber espionage units. Mandian.com (2013)

    Google Scholar 

  2. Abuzainab, N., Saad, W.: Dynamic connectivity game for adversarial internet of battlefield things systems. IEEE Internet Things J. 5(1), 378–390 (2017)

    Article  Google Scholar 

  3. Burbank, J.L., Chimento, P.F., Haberman, B.K., Kasch, W.T.: Key challenges of military tactical networking and the elusive promise of manet technology. IEEE Commun. Mag. 44(11), 39–45 (2006)

    Article  Google Scholar 

  4. Jammal, M., Singh, T., Shami, A., Asal, R., Li, Y.: Software defined networking: state of the art and research challenges. Comput. Netw. 72, 74–98 (2014)

    Article  Google Scholar 

  5. National Science Foundation. Advances in computer mobility, connectivity and networks. https://new.nsf.gov/news/advances-computer-mobility-connectivity-networks. Accessed Jan 2023

  6. Wang, C., Zhuo, L.: Cyber deception: overview and the road ahead. IEEE Secur. Priv. 16(2), 80–85 (2018)

    Article  Google Scholar 

  7. Mokube, I., Adams, M.: Honeypots: concepts, approaches, and challenges. In: Proceedings of the 45th Annual Southeast Regional Conference, pp. 321–326 (2007)

    Google Scholar 

  8. Littman, M.L.: Markov games as a framework for multi-agent reinforcement learning. In: Machine Learning Proceedings 1994, pp. 157–163. Elsevier (1994)

    Google Scholar 

  9. Lallie, H.S., Debattista, K., Bal, J.: A review of attack graph and attack tree visual syntax in cyber security. Comput. Sci. Rev. 35, 100219 (2020)

    Article  MathSciNet  Google Scholar 

  10. Ou, X., Boyer, W.F., McQueen, M.A.: A scalable approach to attack graph generation. In: Proceedings of the 13th ACM Conference on Computer and Communications Security, pp. 336–345 (2006)

    Google Scholar 

  11. Schlenker, A., Thakoor, O., Xu, H., Fang, F., Tambe, M., Vayanos, P.: Game theoretic cyber deception to foil adversarial network reconnaissance. In: Jajodia, S., Cybenko, G., Subrahmanian, V.S., Swarup, V., Wang, C., Wellman, M. (eds.) Adaptive Autonomous Secure Cyber Systems, pp. 183–204. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-33432-1_9

    Chapter  Google Scholar 

  12. Fraser, N.M., Hipel, K.W.: Conflict Analysis: Models and Resolutions. North-Holland (1984)

    Google Scholar 

  13. Wan, Z., Cho, J.-H., Zhu, M., Anwar, A.H., Kamhoua, C., Singh, M.P.: Foureye: defensive deception against advanced persistent threats via hypergame theory. IEEE Trans. Netw. Serv. Manag. 19(1), 112–129 (2021)

    Article  Google Scholar 

  14. Sayed, M.A., Anwar, A.H., Kiekintveld, C., Bosansky, B., Kamhoua, C.: Cyber deception against zero-day attacks: a game theoretic approach. In: Fang, F., Xu, H., Hayel, Y. (eds.) GameSec 2022. LNCS, vol. 13727, pp. 44–63. Springer, Cham (2022). https://doi.org/10.1007/978-3-031-26369-9_3

    Chapter  Google Scholar 

  15. Zhu, M., Anwar, A.H., Wan, Z., Cho, J.-H., Kamhoua, C.A., Singh, M.P.: A survey of defensive deception: approaches using game theory and machine learning. IEEE Commun. Surv. Tutor. 23(4), 2460–2493 (2021)

    Article  Google Scholar 

  16. Mahmud, S., et al.: Machine learning approaches for predicting suicidal behaviors among university students in Bangladesh during the COVID-19 pandemic: a cross-sectional study. Medicine 102(28), e34285 (2023)

    Article  Google Scholar 

  17. Raju, M.A., Mia, M.S., Sayed, M.A., Uddin, M.R.: Predicting the outcome of English premier league matches using machine learning. In: 2020 2nd International Conference on Sustainable Technologies for Industry 4.0 (STI), pp. 1–6. IEEE (2020)

    Google Scholar 

  18. Lu, Z., Wang, C., Zhao, S.: Cyber deception for computer and network security: survey and challenges. ar**v preprint ar**v:2007.14497 (2020)

  19. Chiang, C.-Y.J., et al.: On defensive cyber deception: a case study using SDN. In: MILCOM 2018–2018 IEEE Military Communications Conference (MILCOM), pp. 110–115. IEEE (2018)

    Google Scholar 

  20. Urias, V.E., Stout, W.M.S., Lin, H.W.: Gathering threat intelligence through computer network deception. In: 2016 IEEE Symposium on Technologies for Homeland Security (HST), pp. 1–6. IEEE (2016)

    Google Scholar 

  21. Sayed, M.A., Rahman, M.M., Zaber, M.I., Ali, A.A.: Understanding Dhaka city traffic intensity and traffic expansion using gravity model. In: 2017 20th International Conference of Computer and Information Technology (ICCIT), pp. 1–6. IEEE (2017)

    Google Scholar 

  22. Pirozmand, P., Guowei, W., Jedari, B., **a, F.: Human mobility in opportunistic networks: characteristics, models and prediction methods. J. Netw. Comput. Appl. 42, 45–58 (2014)

    Article  Google Scholar 

  23. Abdulla, M., Simon, R.: Characteristics of common mobility models for opportunistic networks. In: Proceedings of the 2nd ACM Workshop on Performance Monitoring and Measurement of Heterogeneous Wireless and Wired Networks, pp. 105–109 (2007)

    Google Scholar 

  24. **uwen, F., Li, W., Yang, Y.: Exploring the impact of node mobility on cascading failures in spatial networks. Inf. Sci. 576, 140–156 (2021)

    Article  MathSciNet  Google Scholar 

  25. **a, Y., Yeo, C.K.: Mitigating the impact of node mobility using mobile backbone for heterogeneous MANETs. Comput. Commun. 35(10), 1217–1230 (2012)

    Article  Google Scholar 

  26. Lin, Y., Wang, X., Zhang, L., Li, P., Zhang, D., Liu, S.: The impact of node velocity diversity on mobile opportunistic network performance. J. Netw. Comput. Appl. 55, 47–58 (2015)

    Article  Google Scholar 

  27. Pala, Z., Bicakci, K., Turk, M.: Effects of node mobility on energy balancing in wireless networks. Comput. Electr. Eng. 41, 314–324 (2015)

    Article  Google Scholar 

  28. Urias, V.E., Stout, W.M.S., Luc-Watson, J., Grim, C., Liebrock, L., Merza, M.: Technologies to enable cyber deception. In: 2017 International Carnahan Conference on Security Technology (ICCST), pp. 1–6. IEEE (2017)

    Google Scholar 

  29. Miehling, E., Rasouli, M., Teneketzis, D.: Optimal defense policies for partially observable spreading processes on Bayesian attack graphs. In: Proceedings of the Second ACM Workshop on Moving Target Defense, pp. 67–76 (2015)

    Google Scholar 

  30. Başar, T., Olsder, G.J.: Dynamic Noncooperative Game Theory. SIAM (1998)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. University of Texas at El Paso, El Paso, TX, 79968, USA

    Md Abu Sayed & Christopher Kiekintveld

  2. DEVCOM Army Research Laboratory, Adelphi, MD, 20783, USA

    Ahmed H. Anwar & Charles Kamhoua

Authors
  1. Md Abu Sayed
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Ahmed H. Anwar
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Christopher Kiekintveld
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Charles Kamhoua
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding authors

Correspondence to Md Abu Sayed , Ahmed H. Anwar , Christopher Kiekintveld or Charles Kamhoua .

Editor information

Editors and Affiliations

  1. University of Florida, Gainesville, FL, USA

    Jie Fu

  2. Czech Technical University in Prague, Prague, Czech Republic

    Tomas Kroupa

  3. University of Avignon, Avignon, France

    Yezekael Hayel

Rights and permissions

Reprints and permissions

Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Sayed, M.A., Anwar, A.H., Kiekintveld, C., Kamhoua, C. (2023). Honeypot Allocation for Cyber Deception in Dynamic Tactical Networks: A Game Theoretic Approach. In: Fu, J., Kroupa, T., Hayel, Y. (eds) Decision and Game Theory for Security. GameSec 2023. Lecture Notes in Computer Science, vol 14167. Springer, Cham. https://doi.org/10.1007/978-3-031-50670-3_10

Download citation

  • DOI: https://doi.org/10.1007/978-3-031-50670-3_10

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-50669-7

  • Online ISBN: 978-3-031-50670-3

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation