Honeypot Type Selection Games for Smart Grid Networks

  • Nadia Boumkheld
  • Sakshyam Panda
  • Stefan Rass
  • Emmanouil PanaousisEmail author
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11836)


In this paper, we define a cyber deception game between the Advanced Metering Infrastructure (AMI) network administrator (henceforth, defender) and attacker. The defender decides to install between a low-interaction honeypot, high-interaction honeypot, and a real system with no honeypot. The attacker decides on whether or not to attack the system given her belief about the type of device she is facing. We model this interaction as a Bayesian game with complete but imperfect information. The choice of honeypot type is private information and characterizes the essence and objective of the defender i.e., the degree of deception and amount of threat intelligence. We study the players’ equilibrium strategies and provide numerical illustrations. The work presented in this paper has been motivated by the H2020 SPEAR project which investigates the implementation of honeypots in smart grid infrastructures to: (i) contribute towards creating attack data sets for training a SIEM (Security Information and Event Management) and (ii) to support post-incident forensics analysis by having recorded a collection of evidence regarding an attacker’s actions.


Game theory Honeypots Smart grid Cyber security 



We thank the anonymous reviewers for their comments.

Nadia Boumkheld and Emmanouil Panaousis are supported by the H2020 SPEAR grant agreement, no 787011.


  1. 1.
    Li, X., Liang, X., Lu, R., Shen, X., Lin, X., Zhu, H.: Securing smart grid: cyber attacks, countermeasures, and challenges. IEEE Commun. Mag. 50(8), 38–45 (2012)CrossRefGoogle Scholar
  2. 2.
    Petrovic, T., Echigo, K., Morikawa, H.: Detecting presence from a WiFi router’s electric power consumption by machine learning. IEEE Access 6, 9679–9689 (2018)CrossRefGoogle Scholar
  3. 3.
    Barnum, S.: Standardizing cyber threat intelligence information with the structured threat information expression (STIX). Mitre Corp. 11, 1–22 (2012)Google Scholar
  4. 4.
    Pawlick, J., Colbert, E., Zhu, Q.: A game-theoretic taxonomy and survey of defensive deception for cybersecurity and privacy. arXiv preprint arXiv:1712.05441 (2017)
  5. 5.
    Jicha, A., Patton, M., Chen, H.: SCADA honeypots: an in-depth analysis of Conpot. In: 2016 IEEE Conference on Intelligence and Security Informatics (ISI), pp. 196–198. IEEE (2016)Google Scholar
  6. 6.
    Mairh, A., Barik, D., Verma, K., Jena, D.: Honeypot in network security: a survey. In: Proceedings of the 2011 International Conference on Communication, Computing and Security, pp. 600–605. ACM (2011)Google Scholar
  7. 7.
    Nawrocki, M., Wählisch, M., Schmidt, T.C., Keil, C., Schönfelder, J.: A survey on honeypot software and data analysis. arXiv preprint arXiv:1608.06249 (2016)
  8. 8.
    La, Q.D., Quek, T.Q., Lee, J., Jin, S., Zhu, H.: Deceptive attack and defense game in honeypot-enabled networks for the internet of things. IEEE Internet Things J. 3(6), 1025–1035 (2016)CrossRefGoogle Scholar
  9. 9.
    Williamson, S.A., Varakantham, P., Hui, O.C., Gao, D.: Active malware analysis using stochastic games. In: Proceedings of the 11th International Conference on Autonomous Agents and Multiagent Systems, vol. 1, pp. 29–36. International Foundation for Autonomous Agents and Multiagent Systems (2012)Google Scholar
  10. 10.
    Wagener, G., State, R., Dulaunoy, A., Engel, T.: Self adaptive high interaction honeypots driven by game theory. In: Guerraoui, R., Petit, F. (eds.) SSS 2009. LNCS, vol. 5873, pp. 741–755. Springer, Heidelberg (2009). Scholar
  11. 11.
    Rowe, N.C., Custy, E.J., Duong, B.T.: Defending cyberspace with fake honeypots. JCP 2(2), 25–36 (2007)Google Scholar
  12. 12.
    Píbil, R., Lisý, V., Kiekintveld, C., Bošanský, B., Pěchouček, M.: Game theoretic model of strategic honeypot selection in computer networks. In: Grossklags, J., Walrand, J. (eds.) GameSec 2012. LNCS, vol. 7638, pp. 201–220. Springer, Heidelberg (2012). Scholar
  13. 13.
    Garg, N., Grosu, D.: Deception in honeynets: a game-theoretic analysis. In: 2007 IEEE SMC Information Assurance and Security Workshop, pp. 107–113. IEEE (2007)Google Scholar
  14. 14.
    Çeker, H., Zhuang, J., Upadhyaya, S., La, Q.D., Soong, B.-H.: Deception-based game theoretical approach to mitigate DoS attacks. In: Zhu, Q., Alpcan, T., Panaousis, E., Tambe, M., Casey, W. (eds.) GameSec 2016. LNCS, vol. 9996, pp. 18–38. Springer, Cham (2016). Scholar
  15. 15.
    Wang, K., Du, M., Maharjan, S., Sun, Y.: Strategic honeypot game model for distributed denial of service attacks in the smart grid. IEEE Trans. Smart Grid 8(5), 2474–2482 (2017)CrossRefGoogle Scholar
  16. 16.
    Wagener, G., State, R., Engel, T., Dulaunoy, A.: Adaptive and self-configurable honeypots. In: 12th IFIP/IEEE International Symposium on Integrated Network Management (IM 2011) and Workshops, pp. 345–352. IEEE (2011)Google Scholar
  17. 17.
    Hayatle, O., Otrok, H., Youssef, A.: A game theoretic investigation for high interaction honeypots. In: 2012 IEEE International Conference on Communications (ICC), pp. 6662–6667. IEEE (2012)Google Scholar
  18. 18.
    Carroll, T.E., Grosu, D.: A game theoretic investigation of deception in network security. Secur. Commun. Netw. 4(10), 1162–1172 (2011)CrossRefGoogle Scholar
  19. 19.
    Pawlick, J., Zhu, Q.: Deception by design: evidence-based signaling games for network defense. arXiv preprint arXiv:1503.05458 (2015)
  20. 20.
    Li, H., Yang, X., Qu, L.: On the offense and defense game in the network honeypot. In: Lee, G. (ed.) Advances in Automation and Robotics, Vol. 2. LNEE, vol. 123, pp. 239–246. Springer, Heidelberg (2011). Scholar
  21. 21.
    Li, Y., Shi, L., Feng, H.: A game-theoretic analysis for distributed honeypots. Future Internet 11(3), 65 (2019)CrossRefGoogle Scholar
  22. 22.
    Mokube, I., Adams, M.: Honeypots: concepts, approaches, and challenges. In: Proceedings of the 45th Annual Southeast Regional Conference, pp. 321–326. ACM (2007)Google Scholar
  23. 23.
    Jasek, R., Kolarik, M., Vymola, T.: APT detection system using honeypots. In: Proceedings of the 13th International Conference on Applied Informatics and Communications (AIC 2013), pp. 25–29. WSEAS Press (2013)Google Scholar
  24. 24.
    Weiler, N.: Honeypots for distributed denial-of-service attacks. In: Proceedings. Eleventh IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises, pp. 109–114. IEEE (2002)Google Scholar
  25. 25.
    Kelly, G., Gan, D.: Analysis of attacks using a honeypot. In: International Cybercrime, Security and Digital Forensics Conference (2011)Google Scholar
  26. 26.
    Fudenberg, D., Tirole, J.: Perfect Bayesian equilibrium and sequential equilibrium. J. Econ. Theory 53(2), 236–260 (1991)MathSciNetCrossRefGoogle Scholar
  27. 27.
    Gibbons, R.: A Primer in Game Theory. Harvester Wheatsheaf, New York (1992)zbMATHGoogle Scholar

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  1. 1.Department of Computer ScienceUniversity of SurreyGuildfordUK
  2. 2.Institute of Applied InformaticsUniversität KlagenfurtKlagenfurtAustria

Personalised recommendations