Recent incidents such as the Colonial Pipeline ransomware attack and the
SolarWinds hack have shown that traditional defense techniques are becoming
insufficient to deter adversaries of growing sophistication. Proactive and
deceptive defenses are an emerging class of methods to defend against zero-day
and advanced attacks. This work develops a new game-theoretic framework called
the duplicity game to design deception mechanisms that consist of a generator,
an incentive modulator, and a trust manipulator, referred to as the GMM
mechanism. We formulate a mathematical programming problem to compute the
optimal GMM mechanism, quantify the upper limit of enforceable security
policies, and characterize conditions on user’s identifiability and
manageability for cyber attribution and user management. We develop a
separation principle that decouples the design of the modulator from the GMM
mechanism and an equivalence principle that turns the joint design of the
generator and the manipulator into the single design of the manipulator. A case
study of dynamic honeypot configurations is presented to mitigate insider
threats. The numerical experiments corroborate the results that the optimal GMM
mechanism can elicit desirable actions from both selfish and adversarial
insiders and consequently improve the security posture of the insider network.
In particular, a proper modulator can reduce the utility misalignment between
the players and achieve win-win situations for the selfish insider and the
defender. Meanwhile, we observe that the defender always benefits from faking
the percentage of honeypots when the optimal generator is presented.

By admin