Book chapter
Human-Subject Experiments on Risk-Based Cyber Camouflage Games
Cyber Deception, pp 25-40
2023
Abstract
Recent works have growingly shown that Cyber deception can effectively impede the reconnaissance efforts of intelligent cyber attackers. Recently proposed models to optimize a deceptive defense based on camouflaging network and system attributes have shown effective numerical results on simulated data. However, these models possess a fundamental drawback due to the assumption that an attempted attack is always successful—as a direct consequence of the deceptive strategies being deployed, the attacker runs a significant risk that the attack fails. Further, this risk or uncertainty in the rewards magnifies the boundedly rational behavior in humans which the previous models do not handle. To that end, we present Risk-based Cyber Camouflage Games—a general-sum game model that captures the uncertainty in the attack’s success. In case of the rational attackers, we show that optimal defender strategy computation is NP-hard even in the zero-sum. We provide a mixed-integer linear program formulation for the general problem with constraints on cost and feasibility, along with a pseudo-polynomial time algorithm for the special unconstrained setting. However, it is known that humans are limited cognitively in various ways and can only be boundedly rational. To address this challenge, for risk-averse attackers, we present a solution based on Prospect-theoretic modeling. We demonstrate the effectiveness of our approach using human-subject experiments in the CyberVAN testbed.
Metrics
4 Record Views
1 citations in Scopus
Details
- Title
- Human-Subject Experiments on Risk-Based Cyber Camouflage Games
- Creators
- Palvi Aggarwal - The University of Texas at El PasoShahin Jabbari - Drexel UniversityOmkar Thakoor - University of Southern CaliforniaEdward A. Cranford - Carnegie Mellon UniversityPhebe Vayanos - University of Southern CaliforniaChristian Lebiere - Carnegie Mellon UniversityMilind Tambe - Harvard UniversityCleotilde Gonzalez - Carnegie Mellon University
- Publication Details
- Cyber Deception, pp 25-40
- Series
- Advances in Information Security
- Publisher
- Springer International Publishing; Cham
- Resource Type
- Book chapter
- Language
- English
- Academic Unit
- Computer Science (Computing)
- Scopus ID
- 2-s2.0-85149945064
- Other Identifier
- 991021868724504721