Abstract
In this paper, we define a cyber deception game between the Advanced Metering Infrastructure (AMI) network administrator (henceforth, defender) and attacker. The defender decides to install between a low-interaction honeypot, high-interaction honeypot, and a real system with no honeypot. The attacker decides on whether or not to attack the system given her belief about the type of device she is facing. We model this interaction as a Bayesian game with complete but imperfect information. The choice of honeypot type is private information and characterizes the essence and objective of the defender i.e., the degree of deception and amount of threat intelligence. We study the players’ equilibrium strategies and provide numerical illustrations. The work presented in this paper has been motivated by the H2020 SPEAR project which investigates the implementation of honeypots in smart grid infrastructures to: (i) contribute towards creating attack data sets for training a SIEM (Security Information and Event Management) and (ii) to support post-incident forensics analysis by having recorded a collection of evidence regarding an attacker’s actions.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Li, X., Liang, X., Lu, R., Shen, X., Lin, X., Zhu, H.: Securing smart grid: cyber attacks, countermeasures, and challenges. IEEE Commun. Mag. 50(8), 38–45 (2012)
Petrovic, T., Echigo, K., Morikawa, H.: Detecting presence from a WiFi router’s electric power consumption by machine learning. IEEE Access 6, 9679–9689 (2018)
Barnum, S.: Standardizing cyber threat intelligence information with the structured threat information expression (STIX). Mitre Corp. 11, 1–22 (2012)
Pawlick, J., Colbert, E., Zhu, Q.: A game-theoretic taxonomy and survey of defensive deception for cybersecurity and privacy. arXiv preprint arXiv:1712.05441 (2017)
Jicha, A., Patton, M., Chen, H.: SCADA honeypots: an in-depth analysis of Conpot. In: 2016 IEEE Conference on Intelligence and Security Informatics (ISI), pp. 196–198. IEEE (2016)
Mairh, A., Barik, D., Verma, K., Jena, D.: Honeypot in network security: a survey. In: Proceedings of the 2011 International Conference on Communication, Computing and Security, pp. 600–605. ACM (2011)
Nawrocki, M., Wählisch, M., Schmidt, T.C., Keil, C., Schönfelder, J.: A survey on honeypot software and data analysis. arXiv preprint arXiv:1608.06249 (2016)
La, Q.D., Quek, T.Q., Lee, J., Jin, S., Zhu, H.: Deceptive attack and defense game in honeypot-enabled networks for the internet of things. IEEE Internet Things J. 3(6), 1025–1035 (2016)
Williamson, S.A., Varakantham, P., Hui, O.C., Gao, D.: Active malware analysis using stochastic games. In: Proceedings of the 11th International Conference on Autonomous Agents and Multiagent Systems, vol. 1, pp. 29–36. International Foundation for Autonomous Agents and Multiagent Systems (2012)
Wagener, G., State, R., Dulaunoy, A., Engel, T.: Self adaptive high interaction honeypots driven by game theory. In: Guerraoui, R., Petit, F. (eds.) SSS 2009. LNCS, vol. 5873, pp. 741–755. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-05118-0_51
Rowe, N.C., Custy, E.J., Duong, B.T.: Defending cyberspace with fake honeypots. JCP 2(2), 25–36 (2007)
Píbil, R., Lisý, V., Kiekintveld, C., Bošanský, B., Pěchouček, M.: Game theoretic model of strategic honeypot selection in computer networks. In: Grossklags, J., Walrand, J. (eds.) GameSec 2012. LNCS, vol. 7638, pp. 201–220. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-34266-0_12
Garg, N., Grosu, D.: Deception in honeynets: a game-theoretic analysis. In: 2007 IEEE SMC Information Assurance and Security Workshop, pp. 107–113. IEEE (2007)
Çeker, H., Zhuang, J., Upadhyaya, S., La, Q.D., Soong, B.-H.: Deception-based game theoretical approach to mitigate DoS attacks. In: Zhu, Q., Alpcan, T., Panaousis, E., Tambe, M., Casey, W. (eds.) GameSec 2016. LNCS, vol. 9996, pp. 18–38. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-47413-7_2
Wang, K., Du, M., Maharjan, S., Sun, Y.: Strategic honeypot game model for distributed denial of service attacks in the smart grid. IEEE Trans. Smart Grid 8(5), 2474–2482 (2017)
Wagener, G., State, R., Engel, T., Dulaunoy, A.: Adaptive and self-configurable honeypots. In: 12th IFIP/IEEE International Symposium on Integrated Network Management (IM 2011) and Workshops, pp. 345–352. IEEE (2011)
Hayatle, O., Otrok, H., Youssef, A.: A game theoretic investigation for high interaction honeypots. In: 2012 IEEE International Conference on Communications (ICC), pp. 6662–6667. IEEE (2012)
Carroll, T.E., Grosu, D.: A game theoretic investigation of deception in network security. Secur. Commun. Netw. 4(10), 1162–1172 (2011)
Pawlick, J., Zhu, Q.: Deception by design: evidence-based signaling games for network defense. arXiv preprint arXiv:1503.05458 (2015)
Li, H., Yang, X., Qu, L.: On the offense and defense game in the network honeypot. In: Lee, G. (ed.) Advances in Automation and Robotics, Vol. 2. LNEE, vol. 123, pp. 239–246. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-25646-2_33
Li, Y., Shi, L., Feng, H.: A game-theoretic analysis for distributed honeypots. Future Internet 11(3), 65 (2019)
Mokube, I., Adams, M.: Honeypots: concepts, approaches, and challenges. In: Proceedings of the 45th Annual Southeast Regional Conference, pp. 321–326. ACM (2007)
Jasek, R., Kolarik, M., Vymola, T.: APT detection system using honeypots. In: Proceedings of the 13th International Conference on Applied Informatics and Communications (AIC 2013), pp. 25–29. WSEAS Press (2013)
Weiler, N.: Honeypots for distributed denial-of-service attacks. In: Proceedings. Eleventh IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises, pp. 109–114. IEEE (2002)
Kelly, G., Gan, D.: Analysis of attacks using a honeypot. In: International Cybercrime, Security and Digital Forensics Conference (2011)
Fudenberg, D., Tirole, J.: Perfect Bayesian equilibrium and sequential equilibrium. J. Econ. Theory 53(2), 236–260 (1991)
Gibbons, R.: A Primer in Game Theory. Harvester Wheatsheaf, New York (1992)
Acknowledgement
We thank the anonymous reviewers for their comments.
Nadia Boumkheld and Emmanouil Panaousis are supported by the H2020 SPEAR grant agreement, no 787011.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
Boumkheld, N., Panda, S., Rass, S., Panaousis, E. (2019). Honeypot Type Selection Games for Smart Grid Networks. In: Alpcan, T., Vorobeychik, Y., Baras, J., Dán, G. (eds) Decision and Game Theory for Security. GameSec 2019. Lecture Notes in Computer Science(), vol 11836. Springer, Cham. https://doi.org/10.1007/978-3-030-32430-8_6
Download citation
DOI: https://doi.org/10.1007/978-3-030-32430-8_6
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-32429-2
Online ISBN: 978-3-030-32430-8
eBook Packages: Computer ScienceComputer Science (R0)