Creating Cyber Deception Games

Cyber deception has typically been a tool used by attackers to mask reconnaissance activities and infiltrate networks while keeping hidden from watchful defenders. We believe the use of deception is a necessary component of network and system defense. This paper uses game theory to reason about a cyber-attack scenario in which a deceiving defender uses lightweight decoys to hide and defend real hosts. In our model, a defender and an attacker play out a game with resources consisting of both real and decoy systems, a set of pre-determined actions for each player, and a method for defining and evaluating individual player strategies and payoffs. Our research provides a general framework for representing deception games using multiple game trees and an explicit representation of each individual player's knowledge of game structure and payoffs. We present a graphical representation of our multiple game tree model and a framework for representing and evaluating the strategy selection when an attacker is unaware of a subset of the defender's available strategies. Finally, we present several cyber deception scenarios using our framework.