Concealing Cyber-Decoys using Two-Sided Feature Deception Games

Presenter Information

Mohammad Sujan Miah, University of Texas at El PasoFollow
Marcus Gutierrez, University of Texas at El PasoFollow
Oscar Veliz, University of Texas at El PasoFollow
Omkar Thakoor, University of Southern CaliforniaFollow
Christopher Kiekintveld, University of Texas at El PasoFollow

Location

Grand Wailea, Hawaii

Event Website

https://hicss.hawaii.edu/

Start Date

7-1-2020 12:00 AM

End Date

10-1-2020 12:00 AM

Description

An increasingly important tool for securing computer networks is the use of deceptive decoy objects (e.g., fake hosts, accounts, or files) to detect, confuse, and distract attackers. One of the well-known challenges in using decoys is that it can be difficult to design effective decoys that are hard to distinguish from real objects, especially against sophisticated attackers who may be aware of the use of decoys. A key issue is that both real and decoy objects may have observable features that may give the attacker the ability to distinguish one from the other. However, a defender deploying decoys may be able to modify some features of either the real or decoy objects (at some cost) making the decoys more effective. We present a game-theoretic model of two-sided deception that models this scenario. We present an empirical analysis of this model to show strategies for effectively concealing decoys, as well as some limitations of decoys for cyber security.