Deceptive Attack and Defense Game in Honeypot-Enabled Networks for the Internet of Things

Lã, Quang Duy; Quek, Tony Q. S.; Lee, Jemin; Jin, Shi; Zhu, Hongbo

doi:10.1109/jiot.2016.2547994

Cited by 148 publications

(78 citation statements)

References 16 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The authors in [8] design a proactive defense scheme where the defender can manipulate the adversary's belief. In particular, many works [7], [16] including ones with game-theoretic models [22], [12] focus on adaptive honeypot deployment to effectively engage attackers and gather information without attackers' notice. However, few works investigate timing issues and risk assessment during the honeypot interaction.…”

Section: A Related Workmentioning

confidence: 99%

Adaptive Honeypot Engagement Through Reinforcement Learning of Semi-Markov Decision Processes

Huang

Zhu

2019

Lecture Notes in Computer Science

View full text Add to dashboard Cite

The honeynet is a promising active cyber defense mechanism. It reveals the fundamental Indicators of Compromise (IoC) by luring attackers to conduct adversarial behaviors in a controlled and monitored environment. The active interaction at the honeynet brings a high reward but also introduces high implementation costs and risks of adversarial honeynet exploitation. In this work, we apply the infinite-horizon Semi-Markov Decision Process (SMDP) to characterize the stochastic transition and sojourn time of attackers in the honeynet and quantify the reward-risk trade-off. In particular, we produce adaptive long-term engagement policies shown to be risk-averse, cost-effective, and time-efficient. Numerical results have demonstrated that our adaptive interaction policies can quickly attract attackers to the target honeypot and engage them for a sufficiently long period to obtain worthy threat information. Meanwhile, the penetration probability is kept at a low level. The results show that the expected utility is robust against attackers of a large range of persistence and intelligence. Finally, we apply reinforcement learning to SMDP to solve the curse of modeling. Under a prudent choice of the learning rate and exploration policy, we achieve a quick and robust convergence of the optimal policy and value.

show abstract

Section: A Related Workmentioning

confidence: 99%

Adaptive Honeypot Engagement Through Reinforcement Learning of Semi-Markov Decision Processes

Huang

Zhu

2019

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

“…Sedjelmaci et al [92] introduce an anomaly detection approach that tries to minimize [78] Machine Learning Anomaly DoS, Hello Flood, Sybil, Sinkhole attacks Arrington et al [79] Statistical Detection Anomaly N/A Arshad et al [80] Distributed and Collaborative Anomaly Routing and application specific attacks Azmoodeh et al [81] Machine Learning Anomaly Junk code insertion attacks Cervantes et al [82] Reputation Anomaly Sinkhole Attacks Fu et al [83] Statistical Detection Anomaly Bad Data Injection, DoS Kasinathan et al [84] Distributed and Collaborative Rule DoS Khan and Herrmann [43] Reputation Rule Selective Forwarding, Sinkhole, Version Number Khan et al [85] Reputation Rule Self Promoting, Bad Mouthing, Ballot Stuffing La et al [86] Game Theory Rule N/A Li et al [87] Machine Learning Anomaly Probing, DoS Liu et al [88] Distributed and Collaborative Rule N/A Liu and Wu [89] Statistical Detection Anomaly N/A Liu et al [90] Machine Learning Anomaly N/A Raza et al [91] Distributed and Collaborative Hybrid Spoofing, Sinkhole, Selective Forwarding Sedjelmaci et al [92] Game Theory Anomaly DoS Summerville et al [93] Statistical Detection Anomaly Wormhole, Bad Data Injection, User-to-Root Xiao et al [94] Machine Learning Anomaly Identity based, Malwares, Offloading attacks Yang et al [95] Machine Learning Anomaly Packet dropping, hole attacks, eavesdropping the energy consumption. In particular, game theory is used to find out whether the signature of a new attack is expected to occur.…”

Section: Game Theory-based Idssmentioning

confidence: 99%

“…Only then, the energy-intensive anomaly detection is activated. La et al [86] propose a model which comprehends attacks of varying seriousness that demand different degrees of action. The problem is modeled as a Bayesian game and its results determine the threshold to declare an activity as an intrusion.…”

Section: Game Theory-based Idssmentioning

confidence: 99%

Recent Advancements in Intrusion Detection Systems for the Internet of Things

Khan

Herrmann

2019

Security and Communication Networks

View full text Add to dashboard Cite

Many Internet of Things (IoT) systems run on tiny connected devices that have to deal with severe processor and energy restrictions. Often, the limited processing resources do not allow the use of standard security mechanisms on the nodes, making IoT applications quite vulnerable to different types of attacks. This holds particularly for intrusion detection systems (IDS) that are usually too resource-heavy to be handled by small IoT devices. Thus, many IoT systems are not sufficiently protected against typical network attacks like Denial-of-Service (DoS) and routing attacks. On the other side, IDSs have already been successfully used in adjacent network types like Mobile Ad hoc Networks (MANET), Wireless Sensor Networks (WSN), and Cyber-Physical Systems (CPS) which, in part, face limitations similar to those of IoT applications. Moreover, there is research work ongoing that promises IDSs that may better fit to the limitations of IoT devices. In this article, we will give an overview about IDSs suited for IoT networks. Besides looking on approaches developed particularly for IoT, we introduce also work for the three similar network types mentioned above and discuss if they are also suitable for IoT systems. In addition, we present some suggestions for future research work that could be useful to make IoT networks more secure.

show abstract

“…Our problem, on the other hand, considers one of the two participants having both a beneficial and harmful objective, and consequently its models do not extend directly to our communication problem where the secondary user can inflict wireless interference. In [16], a signaling game was proposed to model defense against attacks in honeypot-enabled networks. In this game, the attacker may try to deceive the defender by employing different types of attacks, ranging from suspicious to seemingly normal activity, while the defender in turn can make use of honeypots as a deception tool to trap the attacker.…”

Section: Introductionmentioning

confidence: 99%

Competitive Sharing of Spectrum: Reservation Obfuscation and Verification Strategies

Garnaev

Trappe

2017

Entropy

View full text Add to dashboard Cite

Sharing of radio spectrum between different types of wireless systems (e.g., different service providers) is the foundation for making more efficient usage of spectrum. Cognitive radio technologies have spurred the design of spectrum servers that coordinate the sharing of spectrum between different wireless systems. These servers receive information regarding the needs of each system, and then provide instructions back to each system regarding the spectrum bands they may use. This sharing of information is complicated by the fact that these systems are often in competition with each other: each system desires to use as much of the spectrum as possible to support its users, and each system could learn and harm the bands of the other system. Three problems arise in such a spectrum-sharing problem: (1) how to maintain reliable performance for each system-shared resource (licensed spectrum); (2) whether to believe the resource requests announced by each agent; and (3) if they do not believe, how much effort should be devoted to inspecting spectrum so as to prevent possible malicious activity. Since this problem can arise for a variety of wireless systems, we present an abstract formulation in which the agents or spectrum server introduces obfuscation in the resource assignment to maintain reliability. We derive a closed form expression for the expected damage that can arise from possible malicious activity, and using this formula we find a tradeoff between the amount of extra decoys that must be used in order to support higher communication fidelity against potential interference, and the cost of maintaining this reliability. Then, we examine a scenario where a smart adversary may also use obfuscation itself, and formulate the scenario as a signaling game, which can be solved by applying a classical iterative forward-induction algorithm. For an important particular case, the game is solved in a closed form, which gives conditions for deciding whether an agent can be trusted, or whether its request should be inspected and how intensely it should be inspected.

show abstract

Deceptive Attack and Defense Game in Honeypot-Enabled Networks for the Internet of Things

Cited by 148 publications

References 16 publications

Adaptive Honeypot Engagement Through Reinforcement Learning of Semi-Markov Decision Processes

Adaptive Honeypot Engagement Through Reinforcement Learning of Semi-Markov Decision Processes

Recent Advancements in Intrusion Detection Systems for the Internet of Things

Competitive Sharing of Spectrum: Reservation Obfuscation and Verification Strategies

Contact Info

Product

Resources

About