Online Cyber Deception System Using Partially Observable Monte-Carlo Planning Framework

Abstract

Cyber deception is an approach in which network administrators deploy a network of decoy assets to expend adversaries’ resources and time and to gather information about the adversaries’ strategies, tactics, capabilities, and intent. The key challenge in this approach is the design and placement of network decoys to ensure maximal information uncertainty for the attackers. State-of-the-art approaches to this design and placement problem assume a static environment and a priori strategies taken by the attacker. In this paper, we propose the design and placement of network decoys considering scenarios where the defender’s actions influence an attacker to change its strategies and tactics dynamically while maintaining the trade-off between availability and security. The defender maintains a belief consisting of the security state, and the resultant actions are modeled as a Partially Observable Markov Decision Process (POMDP). Our simulation results illustrate the defender’s increasing ability to influence the attacker’s attack path so that it consists of fake nodes and networks.

Cite

Amin, M. A. R. A., Shetty, S., Njilla, L., Tosh, D. K., & Kamhoua, C. (2019). Online Cyber Deception System Using Partially Observable Monte-Carlo Planning Framework. In Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST (Vol. 305 LNICST, pp. 205–223). Springer. https://doi.org/10.1007/978-3-030-37231-6_11
