A Game-theoretic Taxonomy and Survey of Defensive Deception for Cybersecurity and Privacy

Authors:
Jeffrey Pawlick

NYU Tandon School of Engineering and U.S. Army Research Laboratory, Adelphi, MD, USA

NYU Tandon School of Engineering and U.S. Army Research Laboratory, Adelphi, MD, USA

0000-0002-3970-4756
View Profile

,
Edward Colbert

Virginia Tech Intelligent Systems Lab, Hume Center for National Security and Technology, and U.S. Army Research Laboratory, Arlington, VA, USA

Virginia Tech Intelligent Systems Lab, Hume Center for National Security and Technology, and U.S. Army Research Laboratory, Arlington, VA, USA
View Profile

,
Quanyan Zhu

New York University Tandon School of Engineering

New York University Tandon School of Engineering
View Profile

Authors Info & Claims

ACM Computing Surveys Volume 52 Issue 4Article No.: 82pp 1–28https://doi.org/10.1145/3337772

Published:30 August 2019Publication History

ACM Computing Surveys

Abstract

Cyberattacks on both databases and critical infrastructure have threatened public and private sectors. Ubiquitous tracking and wearable computing have infringed upon privacy. Advocates and engineers have recently proposed using defensive deception as a means to leverage the information asymmetry typically enjoyed by attackers as a tool for defenders. The term deception, however, has been employed broadly and with a variety of meanings. In this article, we survey 24 articles from 2008 to 2018 that use game theory to model defensive deception for cybersecurity and privacy. Then, we propose a taxonomy that defines six types of deception: perturbation, moving target defense, obfuscation, mixing, honey-x, and attacker engagement. These types are delineated by their information structures, agents, actions, and duration: precisely concepts captured by game theory. Our aims are to rigorously define types of defensive deception, to capture a snapshot of the state of the literature, to provide a menu of models that can be used for applied research, and to identify promising areas for future work. Our taxonomy provides a systematic foundation for understanding different types of defensive deception commonly encountered in cybersecurity and privacy.

References

George A. Akerlof and Robert J. Shiller. 2015. Phishing for Phools: The Economics of Manipulation and Deception. Princeton University Press.Google Scholar
Tansu Alpcan and Tamer Basar. 2003. A game theoretic approach to decision and analysis in network intrusion detection. In Proceedings of the IEEE Conference on Decision and Control, vol. 3. IEEE, 2595--2600.Google ScholarCross Ref
Mário S. Alvim, Konstantinos Chatzikokolakis, Yusuke Kawamoto, and Catuscia Palamidessi. 2017. Information leakage games. In Decision and Game Theory for Security. Springer, 437--457.Google Scholar
Sharon Astyk, Aaron Newton, and Colin F. Camerer. 2010. Pinocchio’s pupil: Using eyetracking and pupil dilation to understand truth telling and deception in sender-receiver games. Amer. Econ. Rev. 100, 3 (2010), 984--1007.Google ScholarCross Ref
Tamer Basar. 1983. The Gaussian test channel with an intelligent jammer. IEEE Trans. Info. Theory 29, 1 (1983), 152--157. Google ScholarDigital Library
J. Bowyer Bell and Barton Whaley. 2017. Cheating and Deception. Routledge.Google Scholar
Michael Bennett and Edward Waltz. 2007. Counterdeception Principles and Applications for National Security. Artech House.Google Scholar
Sean Bodmer, Max Kilger, Gregory Carpenter, and Jade Jones. 2012. Reverse Deception: Organized Cyber Threat Counter-exploitation. McGraw Hill Professional.Google Scholar
Charles F. Bond Jr. and Bella M. DePaulo. 2008. Individual differences in judging deception: Accuracy and bias. Psychol. Bull. 134, 4 (2008), 477.Google ScholarCross Ref
Thomas E. Carroll and Daniel Grosu. 2011. A game theoretic investigation of deception in network security. Secur. Commun. Nets. 4, 10 (2011), 1162--1172.Google ScholarCross Ref
Hayreddin Çeker, Jun Zhuang, Shambhu Upadhyaya, Quang Duy La, and Boon-Hee Soong. 2016. Deception-based game theoretical approach to mitigate DoS attacks. In Decision and Game Theory for Security. Springer, 18--38. Google ScholarDigital Library
Michela Chessa, Jens Grossklags, and Patrick Loiseau. 2015. A game-theoretic study on non-monetary incentives in data analytics projects with privacy implications. In Proceedings of the IEEE Computer Security Foundations Symposium. 90--104. Google ScholarDigital Library
Hugh Chisholm. 1911. Predicables. In Encyclopedia Britannica (11th ed.). Cambridge University Press.Google Scholar
Andrew Clark, Quanyan Zhu, Radha Poovendran, and Tamer Başar. 2012. Deceptive routing in relay networks. In Decision and Game Theory for Security. Springer, 171--185.Google Scholar
Hugh Cott. 1940. Adaptive Coloration in Animals. Methuen.Google Scholar
Vincent P. Crawford and Joel Sobel. 1982. Strategic information transmission. Econometrica: J of the Econometric Soc. (1982), 1431--1451.Google Scholar
Cuong T. Do, Nguyen H. Tran, Choongseon Hong, Charles A. Kamhoua, Kevin A. Kwiat, Erik Blasch, Shaolei Ren, Niki Pissinou, and Sundaraja Sitharama Iyengar. 2017. Game theory for cyber security and privacy. ACM Comput. Surveys 50, 2 (2017), 30. Google ScholarDigital Library
Karel Durkota, Viliam Lisỳ, Branislav Bošanský, and Christopher Kiekintveld. 2015. Optimal network security hardening using attack graph games. In Proceedings of the International Joint Conference on Artificial Intelligence. 526--532. Google ScholarDigital Library
Benjamin Edwards, Steven Hofmeyr, and Stephanie Forrest. 2016. Hype and heavy tails: A closer look at data breaches. J. Cybersecur. 2, 1 (2016), 3--14.Google ScholarCross Ref
Xiaotao Feng, Zizhan Zheng, Prasant Mohapatra, and Derya Cansever. 2017. A Stackelberg game and Markov modeling of moving target defense. In Decision and Game Theory for Security. Springer, 315--335.Google Scholar
K. J. Ferguson-Walter, D. S. LaFon, and T. B. Shade. 2017. Friend or “Faux”: Deception for cyber defense. J. Info. Warfare 16, 2 (2017), 28--42. https://www.jstor.org/stable/26502755.Google Scholar
Jerzy Filar and Koos Vrieze. 2012. Competitive Markov Decision Processes. Springer Science 8 Business Media, New York.Google Scholar
Urs Fischbacher and Franziska Föllmi-Heusi. 2013. Lies in disguise-an experimental study on cheating. J. Euro. Econ. Assoc. 11, 3 (2013), 525--547.Google ScholarCross Ref
Julien Freudiger, Mohammad Hossein Manshaei, Jean-Pierre Hubaux, and David C. Parkes. 2009. On non-cooperative location privacy: A game-theoretic analysis. In Proceedings of the ACM Conference on Computer and Community Security. ACM, 324--337. Google ScholarDigital Library
D. Fudenberg and J. Tirole. 1991. Game Theory. MIT Press.Google Scholar
R. Edward Geiselman. 2012. The cognitive interview for suspects (CIS). Amer. Coll. Forensic Psychol. 30, 3 (2012), 1--16.Google Scholar
Uri Gneezy. 2005. Deception: The role of consequences. Amer. Econ. Rev. 95, 1 (2005), 384--394.Google ScholarCross Ref
Roy Godson and James J. Wirtz. 2011. Strategic Denial and Deception: The Twenty-first Century Challenge. Transaction Publishers.Google Scholar
Benjamin Grosser. 2014. Privacy through visibility: Disrupting NSA surveillance with algorithmically generated “scary” stories. University of Wisconsin-Milwaukee. Retrieved from https://bengrosser.com/projects/scaremail/.Google Scholar
Kristin E. Heckman, Frank J. Stech, Roshan K. Thomas, Ben Schmoker, and Alexander W. Tsow. 2015. Cyber Denial, Deception and Counter Deception. Springer. Google ScholarDigital Library
Karel Horák, Quanyan Zhu, and Branislav Bošanský. 2017. Manipulating adversary’s belief: A dynamic game approach to deception by design in network security. In Decision and Game Theory for Security. Springer, 273--294.Google Scholar
Daniel C. Howe and Helen Nissenbaum. 2009. TrackMeNot: Resisting surveillance in web search. Lessons Ident. Trail: Anon., Priv., Ident. Netw. Soc. 23 (2009), 417--436. Retrieved from http://www.nyu.edu/pages/projects/nissenbaum/papers/ch23(HoweNissenbaum)Web.pdf.Google Scholar
Sjaak Hurkens and Navin Kartik. 2009. Would I lie to you? On social preferences and lying aversion. Exper. Econ. 12, 2 (2009), 180--192.Google ScholarCross Ref
Manish Jain, Jason Tsai, James Pita, Christopher Kiekintveld, Shyamsunder Rathi, Milind Tambe, and Fernando Ordónez. 2010. Software assistants for randomized patrol planning for the LAX airport police and the Federal Air Marshal Service. Interfaces 40, 4 (2010), 267--290. Google ScholarDigital Library
Navin Kartik. 2009. Strategic communication with lying costs. Rev. Econ. Studies 76, 4 (2009), 1359--1395.Google ScholarCross Ref
Christopher Kiekintveld, Viliam Lisỳ, and Radek Píbil. 2015. Game-theoretic foundations for the strategic use of honeypots in network security. In Cyber Warfare. Springer, 81--101.Google Scholar
Rongxing Lu, Xiaodong Lin, Tom H. Luan, Xiaohui Liang, and Xuemin Shen. 2012. Pseudonym changing at social spots: An effective strategy for location privacy in vanets. IEEE Trans Vehic. Technol. 61, 1 (2012), 86--96.Google ScholarCross Ref
David T. Lykken. 1959. The GSR in the detection of guilt. J. Appl. Psychol. 43, 6 (1959), 385.Google ScholarCross Ref
James Edwin Mahon. 2016. The definition of lying and deception. In The Stanford Encyclopedia of Philosophy (winter 2016 ed.), Edward N. Zalta (Ed.).Google Scholar
Mohammad Hossein Manshaei, Quanyan Zhu, Tansu Alpcan, Tamer Bacşar, and Jean-Pierre Hubaux. 2013. Game theory meets network security and privacy. ACM Comput. Surveys 45, 3 (2013), 25. Google ScholarDigital Library
Joseph Meyerowitz and Romit Roy Choudhury. 2009. Hiding stars with fireworks: Location privacy through camouflage. In Proceedings of the 15th annual International Conference on Mobile Computing and Networking. ACM, 345--356. Retrieved from http://dl.acm.org/citation.cfm?id=1614358. Google ScholarDigital Library
Paul R. Milgrom. 1981. Good news and bad news: Representation theorems and applications. Bell J. Econ. 12, 2 (1981), 380--391.Google ScholarCross Ref
MITRE. 2010. Science of cyber-security. https://fas.org/irp/agency/dod/jason/cyber.pdf.Google Scholar
Amin Mohammadi, Mohammad Hossein Manshaei, Monireh Mohebbi Moghaddam, and Quanyan Zhu. 2016. A game-theoretic analysis of deception over social networks using fake avatars. In Decision and Game Theory for Security. Springer, 382--394. Google ScholarDigital Library
Roger B. Myerson. 1991. Game Theory: Analysis of Conflict. Harvard University Press.Google Scholar
John F. Nash. 1950. Equilibrium points in n-person games. Proc. Nat. Acad. Sci. U.S.A. 36, 1 (1950), 48--49.Google ScholarCross Ref
NISO. 2005. Guidelines for the construction, format, and management of monolingual controlled vocabularies. https://groups.niso.org/apps/group_public/download.php/12591/z39-19-2005r2010.pdf.Google Scholar
Helen Nissenbaum. 2004. Privacy as contextual integrity. Wash. Law Rev. 79 (2004), 119.Google Scholar
Alessandro Oltramari, Lorrie Faith Cranor, Robert J. Walls, and Patrick D. McDaniel. 2014. Building an ontology of cyber security. In Proceedings of the Conference on Semantic Technology for Defense, Intelligence, and Security (STIDS’14). 54--61.Google Scholar
Jeffrey Pawlick, Edward Colbert, and Quanyan Zhu. 2018. Modeling and analysis of leaky deception using signaling games with evidence. IEEE Trans. Inform. Forens. Secur. 14, 7 (2018), 1871--1886.Google ScholarCross Ref
Jeffrey Pawlick, Sadegh Farhang, and Quanyan Zhu. 2015. Flip the cloud: Cyber-physical signaling games in the presence of advanced persistent threats. In Decision and Game Theory for Security. Springer, 289--308.Google Scholar
Jeffrey Pawlick and Quanyan Zhu. 2015. Deception by design: Evidence-based signaling games for network defense. In Proceedings of the Workshop on the Economics of Inform. Security and Privacy. Delft, The Netherlands. http://arxiv.org/abs/1503.05458Google Scholar
Jeffrey Pawlick and Quanyan Zhu. 2016. A Stackelberg game perspective on the conflict between machine learning and data obfuscation. In Proceedings of the IEEE Workshop on Information Forensics and Security. https://arxiv.org/abs/1608.02546Google ScholarCross Ref
Jeffrey Pawlick and Quanyan Zhu. 2017a. A mean-field Stackelberg game approach for obfuscation adoption in empirical risk minimization. In Proceedings of the Global Signal and Information Processing Workshop on Control and Game Theoretic Approaches to Security and Privacy.Google ScholarCross Ref
Jeffrey Pawlick and Quanyan Zhu. 2017b. Strategic trust in cloud-enabled cyber-physical systems with an application to glucose control. IEEE Trans Inform. Forens. Secur. 12, 12 (2017), 2906--2919.Google ScholarDigital Library
Scott R. Peppet. 2014. Regulating the Internet of things: First steps toward managing discrimination, privacy, security and consent. Tex. L. Rev. 93 (2014), 85. Retrieved from http://heinonlinebackup.com/hol-cgi-bin/getpdf.cgi?handle=hein.J.s/tlr938section=5.Google Scholar
Radek Píbil, Viliam Lisỳ, Christopher Kiekintveld, Branislav Bošanskỳ, and Michal Pechoucek. 2012. Game theoretic model of strategic honeypot selection in computer networks. In Decision and Game Theory for Security. Springer, 201--220.Google Scholar
James Pita, Manish Jain, Janusz Marecki, Fernando Ordóñez, Christopher Portway, Milind Tambe, Craig Western, Praveen Paruchuri, and Sarit Kraus. 2008. Deployed ARMOR protection: The application of a game theoretic model for security at the los angeles intl. airport. In Proceedings of the 7th International Joint Conference on Autonomous Agents and Multiagent Systems: Industrial Track. International Foundation for Autonomous Agents and Multiagent Systems, 125--132. Google ScholarDigital Library
Stefan Rass, Sandra König, and Stefan Schauer. 2017. On the cost of game playing: How to control the expenses in mixed strategies. In Decision and Game Theory for Security. Springer, 495--505.Google Scholar
Hy Rothstein and Barton Whaley. 2013. The Art and Science of Military Deception. Artech House.Google Scholar
Neil C. Rowe. 2006. A taxonomy of deception in cyberspace. In Proceedings of the International Conference on Information Warfare and Security (2006).Google Scholar
Neil C. Rowe and Julian Rrushi. 2016. Introduction to Cyberdeception. Springer. Google ScholarDigital Library
Sankardas Roy, Charles Ellis, Sajjan Shiva, Dipankar Dasgupta, Vivek Shandilya, and Qishi Wu. 2010. A survey of game theory as applied to network security. In Proceedings of the IEEE International Conference on System Sciences. 1--10. Google ScholarDigital Library
Sailik Sengupta, Ankur Chowdhary, Dijiang Huang, and Subbarao Kambhampati. 2018. Moving target defense for the placement of intrusion detection systems in the cloud. In Decision and Game Theory for Security. Springer, 326--345.Google Scholar
Eric Shieh, Bo An, Rong Yang, Milind Tambe, Craig Baldwin, Joseph DiRenzo, Ben Maule, and Garrett Meyer. 2012. Protect: A deployed game theoretic system to protect the ports of the United States. In Proceedings of the 11th International Conference on Autonomous Agents and Multiagent Systems—Volume 1. International Foundation for Autonomous Agents and Multiagent Systems, 13--20. Google ScholarDigital Library
Reza Shokri. 2015. Privacy games: Optimal user-centric data obfuscation. Proc. Priv. Enhanc. Technol. 2 (2015), 299--315.Google ScholarCross Ref
George Theodorakopoulos, Reza Shokri, Carmela Troncoso, Jean-Pierre Hubaux, and Jean-Yves Le Boudec. 2014. Prolonging the hide-and-seek game: Optimal trajectory privacy for location-based services. In Proceedings of the ACM Workshop on Privacy in the Electronic Society. 73--82. Google ScholarDigital Library
Heinrich Von Stackelberg. 1934. Marktform und Gleichgewicht. Springer.Google Scholar
Aldert Vrij, Samantha A. Mann, Ronald P. Fisher, Sharon Leal, Rebecca Milne, and Ray Bull. 2008. Increasing cognitive load to facilitate lie detection: The benefit of recalling an event in reverse order. Law Hum. Behav. 32, 3 (2008), 253--265.Google ScholarCross Ref
Barton Whaley. 2016. Practise to Deceive: Learning Curves of Military Deception Planners. Naval Institute Press.Google Scholar
Nan Zhang, Wei Yu, Xinwen Fu, and Sajal K. Das. 2010. gPath: A game-theoretic path selection algorithm to protect tor’s anonymity. In Decision and Game Theory for Security. Springer, 58--71. Google ScholarDigital Library
Rui Zhang and Quanyan Zhu. 2015. Secure and resilient distributed machine learning under adversarial environments. In Proceedings of the 18th International Conference on Information Fusion (Fusion’15). IEEE, 644--651.Google Scholar
Rui Zhang and Quanyan Zhu. 2017. A game-theoretic analysis of label flipping attacks on distributed support vector machines. In Proceedings of the 51st Annual Conference on Information Sciences and Systems (CISS’17). IEEE, 1--6.Google ScholarCross Ref
Quanyan Zhu and Tamer Başar. 2013. Game-theoretic approach to feedback-driven multi-stage moving target defense. In Decision and Game Theory for Security. Springer, 246--263. Google ScholarDigital Library
Quanyan Zhu, Andrew Clark, Radha Poovendran, and Tamer Başar. 2012. Deceptive routing games. In Proceedings of the IEEE Conference on Decision and Control. 2704--2711.Google ScholarCross Ref
J. Zhuang, V. M. Bier, and O. Alagoz. 2010. Modeling secrecy and deception in a multiple-period attacker-defender signaling game. Eur. J. Operation. Res. 203, 2 (2010), 409--418.Google ScholarCross Ref

Index Terms

A Game-theoretic Taxonomy and Survey of Defensive Deception for Cybersecurity and Privacy
1. Security and privacy
  1. Human and societal aspects of security and privacy
    1. Economics of security and privacy
  2. Network security

Recommendations

Deception-Based Game Theoretical Approach to Mitigate DoS Attacks
GameSec 2016: 7th International Conference on Decision and Game Theory for Security - Volume 9996

Denial of Service DoS attacks prevent legitimate users from accessing resources by compromising availability of a system. Despite advanced prevention mechanisms, DoS attacks continue to exist, and there is no widely-accepted solution. We propose a ...
Read More
Insider Threat Mitigation Using Moving Target Defense and Deception
MIST '17: Proceedings of the 2017 International Workshop on Managing Insider Security Threats

The insider threat has been subject of extensive study and many approaches from technical perspective to behavioral perspective and psychological perspective have been proposed to detect or mitigate it. However, it still remains one of the most ...
Read More
Cyber Deception Against Zero-Day Attacks: A Game Theoretic Approach
Decision and Game Theory for Security
Abstract
Reconnaissance activities precedent other attack steps in the cyber kill chain. Zero-day attacks exploit unknown vulnerabilities and give attackers the upper hand against conventional defenses. Honeypots have been used to deceive attackers by ...
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Article

Published in
ACM Computing Surveys Volume 52, Issue 4
July 2020
769 pages
ISSN:0360-0300
EISSN:1557-7341
DOI:10.1145/3359984
Editor:
Sartaj Sahni
Department of Computer and Information Science and Engineering
Issue’s Table of Contents
Copyright © 2019 ACM
© 2019 Association for Computing Machinery. ACM acknowledges that this contribution was authored or co-authored by an employee, contractor or affiliate of the United States government. As such, the United States Government retains a nonexclusive, royalty-free right to publish or reproduce this article, or to allow others to do so, for Government purposes only.
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 30 August 2019
- Accepted: 1 May 2019
- Revised: 1 March 2018
- Received: 1 December 2017
Published in csur Volume 52, Issue 4

Permissions
Request permissions about this article.
Request Permissions

Check for updates
Author Tags
Cybersecurity
attacker engagement
deception
game theory
honeypot
mix network
moving target defense
obfuscation
perturbation
privacy
survey
taxonomy
Qualifiers
- survey
- Research
- Refereed
Conference
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 79
  Total Citations
  View Citations
- 4,423
  Total Downloads
- Downloads (Last 12 months)1,237
- Downloads (Last 6 weeks)173
Other Metrics
View Author Metrics
Cited By
View all

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

HTML Format

View this article in HTML Format .

View HTML Format

A Game-theoretic Taxonomy and Survey of Defensive Deception for Cybersecurity and Privacy

ACM Computing Surveys

Abstract

References

Cited By

Index Terms

Recommendations

Deception-Based Game Theoretical Approach to Mitigate DoS Attacks

Insider Threat Mitigation Using Moving Target Defense and Deception

Cyber Deception Against Zero-Day Attacks: A Game Theoretic Approach