/ARO-Foureye

This is a project funded by US Army Research Office (W91NF-2020140). In this project, we develop a hypergame-theoretic defensive deception framework for tactical networks characterized by severe resource constraints, high operational tempo, or high hostility based on the learning and subjective beliefs of attackers and a defender.

Primary Language: Jupyter Notebook

Foureye: Cyber Defensive Deception based on Hypergame Theory for Tactical Networks

Conventional security mechanisms, such as access control mechanisms and intrusion detection systems, help deal with outside and inside threats but inadequately resist attackers subverting controls or posing new attacks. Deception is a third line of defense aiming to thwart potential attackers. The key idea of deception is to manipulate an attacker’s beliefs to mislead their decision making, inducing them to act suboptimally. Although game-theoretic approaches have been extensively explored for defensive deception, how to mislead an attacker’s belief by deception has not been investigated. Specifically, conventional game theory assumes that all players play the same game, whereas in real life an attacker and defender may have different views of their conflict. Hypergame Theory (HT) has been applied to solve dynamic decision making accommodating uncertainty, incomplete information, and bounded rationality. HT is well-suited to modeling attack-defense interactions and has been applied to conflicts in adversarial settings. However, hypergame theory has not been leveraged for designing and analyzing defensive deception. We propose to apply defensive deception in tactical networks characterized by severe resource constraints, high operational tempo, high hostility, and the nature of distributed components, where an attacker and defender play a hypergame with a different view based on their learning and subjective beliefs. Specifically, we propose to develop a suite of effective and efficient deception techniques that can control an attacker’s belief and maximally mislead its decision making in carrying out its attack.
To this end, we identify three research tasks: (1) design and analyze an attack-defense hypergame using defensive deception techniques developed based on objectives, effectiveness, and risk along with an attack-defense tree to derive attack and defense strategies; (2) develop strategy selection algorithms where the attacker and defender’s beliefs and utilities are dynamically estimated under uncertainty; and (3) validate the performance of the proposed deception techniques based on cross-validation using multiple evaluation methods and realistic tactical application scenarios.

Papers

Foureye: Defensive Deception Against Advanced Persistent Threats via Hypergame Theory

Link: https://ieeexplore.ieee.org/abstract/document/9559403

A Survey of Defensive Deception: Approaches Using Game Theory and Machine Learning

Link: https://ieeexplore.ieee.org/abstract/document/9508449

Resisting Multiple Advanced Persistent Threats via Hypergame-Theoretic Defensive Deception

Existing defensive deception (DD) approaches apply game theory, assuming that an attacker and defender play the same, full game with all possible strategies. However, in deceptive settings, players may have different beliefs about the game itself. Such structural uncertainty is not naturally handled in traditional game theory. In this work, we formulate an attack-defense hypergame where multiple advanced persistent threat (APT) attackers and a single defender play a repeated game with different perceptions. The hypergame model systematically evaluates how various DD strategies can defend proactively against APT attacks. We present an adaptive method to select an optimal defense strategy using hypergame theory for strategic defense as well as machine learning for adaptive defense. We conducted in-depth experiments to analyze the performance of eight schemes, including ours, baselines, and existing counterparts. We found that the DD strategies showed their highest advantages, in terms of reduced false positives and negatives of the NIDS, system lifetime, and players’ perceived uncertainties and utilities, when both the hypergame and machine learning are considered. We also analyze the Hyper Nash Equilibrium of the given hypergames and discuss the key findings and insights behind them.
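The perception gap that the project description and this abstract both rely on, as an added Python example that is not the Foureye project's own code: the defender's true game contains a deception strategy the attacker does not perceive, the attacker best-responds inside its perceived game, and the defender, knowing that view, best-responds to the attacker's predicted move; a second round shows the attacker's belief updating after it observes the unperceived defense. Strategy names, payoff values and the belief-update rule are constructed assumptions for illustration.

```python
# Toy two-player hypergame, a constructed example that is not the Foureye project's
# code: attacker and defender hold different views of one conflict, the attacker
# best-responds inside its view, and the defender exploits the gap. Payoffs are made up.
ATTACKER = ["scan", "exploit"]               # attacker strategies
DEFENDER = ["monitor", "patch", "honeypot"]  # defender's full strategy set

# True payoffs (attacker_utility, defender_utility); only the defender knows all columns.
TRUE_PAYOFF = {
    ("scan", "monitor"): (1, -1),    ("scan", "patch"): (0, 0),     ("scan", "honeypot"): (-1, 2),
    ("exploit", "monitor"): (3, -3), ("exploit", "patch"): (-2, 2), ("exploit", "honeypot"): (-4, 5),
}

def attacker_expected(strategy, belief):
    """Attacker's expected utility of `strategy` under its belief over perceived defenses."""
    return sum(p * TRUE_PAYOFF[(strategy, d)][0] for d, p in belief.items())

def attacker_choice(belief):
    """Best response inside the attacker's perceived game: defenses absent from `belief`
    do not exist as far as the attacker is concerned."""
    return max(ATTACKER, key=lambda a: attacker_expected(a, belief))

def defender_choice(attacker_belief):
    """Second-level view: the defender knows the attacker's perceived game, predicts its
    best response, and best-responds to that prediction in the true game."""
    predicted = attacker_choice(attacker_belief)
    return max(DEFENDER, key=lambda d: TRUE_PAYOFF[(predicted, d)][1])

def update_belief(belief, observed_defense, weight=0.5):
    """Repeated play: after seeing a defense it had not perceived, the attacker adds it to
    its view and moves `weight` of the probability mass onto it (simple heuristic update)."""
    new = {d: p * (1 - weight) for d, p in belief.items()}
    new[observed_defense] = new.get(observed_defense, 0.0) + weight
    return new

def play_round(attacker_belief):
    """One round; returns realized utilities and the attacker's regret (expected - realized)."""
    a = attacker_choice(attacker_belief)
    d = defender_choice(attacker_belief)
    au, du = TRUE_PAYOFF[(a, d)]
    return {"attack": a, "defense": d, "attacker_utility": au, "defender_utility": du,
            "attacker_regret": attacker_expected(a, attacker_belief) - au}

if __name__ == "__main__":
    belief = {"monitor": 0.7, "patch": 0.3}  # attacker's view: it does not know "honeypot" exists
    for rnd in (1, 2):
        result = play_round(belief)
        print(f"round {rnd}: {result}")
        belief = update_belief(belief, result["defense"])
```

In round one the attacker expects about 1.5 from "exploit" but realizes -4 against the unperceived honeypot; after updating its belief it switches to "scan", which the defender again anticipates.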

Paper

Resisting Multiple Advanced Persistent Threats via Hypergame-Theoretic Defensive Deception

Link: https://ieeexplore.ieee.org/abstract/document/10040491

Acknowledgment

This work is partly supported by the Army Research Office under Grant Contract Number W911NF-20-2-0140. The views and conclusions contained in this document are those of the authors and should not be interpreted as representing the official policies, either expressed or implied, of the Army Research Office or the U.S. Government. The U.S. Government is authorized to reproduce and distribute reprints for Government purposes notwithstanding any copyright notation herein.