Model-driven Deception for Control System Environments

Hofer, William; Edgar, Thomas W.; Vrabie, Draguna; Nowak, Kathleen

doi:10.1109/hst47167.2019.9032927

Cited by 5 publications

(7 citation statements)

References 11 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Hofer et al [72] discussed the attributes of cyber-physical decoys to design a system with these attributes to develop deception decoys. The authors integrated the deception decoys into real systems to make them harder to detect and more appealing as targets.…”

Section: Pros and Consmentioning

confidence: 99%

“…• Advanced persistent threats (APT) [48,72,75,87,105,106,124]: An APT attack is the most well-known sophisticated attack performing different types of attacks in the stages of the cyber kill chain (CKC) [103]. In particular, gametheoretic defensive deception research has considered the APT attack but mostly focused on the attacks during the reconnaissance stage.…”

Section: Attacks Countermeasured By Defensive Deception Techniquesmentioning

confidence: 99%

“…1) DD Techniques: Although defensive deception techniques have been deployed in CPS environments, their applicability seems not limited to only CPS environments, rather applicable in any environments. We found bait information and honeypots are applied to the CPS environments for introducing confusion or uncertainty to attackers or luring them to honeypots for collecting attack intelligence [72,81,121].…”

Section: B Cyber-physical Systems (Cpss)mentioning

confidence: 99%

“…2) Main Attacks: game-theoretic or ML-based DD techniques in this environment mainly handled node compromise [81], scanning or reconnaissance attacks [121], or APT attacks [72].…”

Section: B Cyber-physical Systems (Cpss)mentioning

confidence: 99%

“…In addition, how to select honeypots to maximize confusion or uncertainty to attackers is also studied in [81]. To create decoy devices that look like real, RNN (Recurrent Neural Networks) was also used based on observations of device behaviors for a year in a CPS [72].…”

Section: B Cyber-physical Systems (Cpss)mentioning

confidence: 99%

See 4 more Smart Citations

Game-Theoretic and Machine Learning-based Approaches for Defensive Deception: A Survey

Zhu¹,

Anwar²,

Wan³

et al. 2021

Preprint

View full text Add to dashboard Cite

Defensive deception is a promising approach for cyberdefense. Although defensive deception is increasingly popular in the research community, there hasn't been a systematic investigation of its key components, the underlying principles, and its tradeoffs in various problem settings. This survey paper focuses on defensive deception research centered on game theory and machine learning, since these are prominent families of artificial intelligence approaches that are widely employed in defensive deception. This paper brings forth insights, lessons, and limitations from prior work. It closes with an outline of some research directions to tackle major gaps in current defensive deception research.

show abstract

Section: Pros and Consmentioning

confidence: 99%

Section: Attacks Countermeasured By Defensive Deception Techniquesmentioning

confidence: 99%

Section: B Cyber-physical Systems (Cpss)mentioning

confidence: 99%

“…2) Main Attacks: game-theoretic or ML-based DD techniques in this environment mainly handled node compromise [81], scanning or reconnaissance attacks [121], or APT attacks [72].…”

Section: B Cyber-physical Systems (Cpss)mentioning

confidence: 99%

Section: B Cyber-physical Systems (Cpss)mentioning

confidence: 99%

See 3 more Smart Citations

Game-Theoretic and Machine Learning-based Approaches for Defensive Deception: A Survey

Zhu¹,

Anwar²,

Wan³

et al. 2021

Preprint

View full text Add to dashboard Cite

show abstract

A Survey of Defensive Deception: Approaches Using Game Theory and Machine Learning

Zhu

Anwar

Wan

et al. 2021

IEEE Commun. Surv. Tutorials

View full text Add to dashboard Cite

Flipit Game Deception Strategy Selection Method Based on Deep Reinforcement Learning

He,

Tan,

Guo

et al. 2023

International Journal of Intelligent Systems

View full text Add to dashboard Cite

The existing cyber deception decision-making model based on game theory primarily focuses on the selection of spatial strategies, which ignores the optimal defense timing and can affect the execution of a defense strategy. Consequently, this paper presents a method for selecting deception strategies based on a multi-stage Flipit game. Firstly, based on the analysis of cyber deception attack and defense, we propose a concept of moving deception attack surface and analyze the characteristics of deception attack and defense interaction behaviors based on the Flipit game model. The Flipit game model is then utilized to create a single-stage deception spatial-temporal decision-making model. Additionally, we introduce the discount factor and transition probability based on a single-stage game model and construct a multi-stage cyber deception model. We provide the utility function of the multi-stage game model, and design a Proximal Policy Optimization algorithm based on deep reinforcement learning to compute the defender’s optimal spatial-temporal strategies. Finally, we utilize an application example to validate the effectiveness of the model and the advantages of the proposed algorithm in generating the multi-stage cyber deception strategy.

show abstract

Model-driven Deception for Control System Environments

Cited by 5 publications

References 11 publications

Game-Theoretic and Machine Learning-based Approaches for Defensive Deception: A Survey

Game-Theoretic and Machine Learning-based Approaches for Defensive Deception: A Survey

A Survey of Defensive Deception: Approaches Using Game Theory and Machine Learning

Flipit Game Deception Strategy Selection Method Based on Deep Reinforcement Learning

Contact Info

Product

Resources

About