Game Theoretic Model of Strategic Honeypot Selection in Computer Networks

  • Radek Píbil
  • Viliam Lisý
  • Christopher Kiekintveld
  • Branislav Bošanský
  • Michal Pěchouček
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7638)


A honeypot is a decoy computer system used in network security to waste the time and resources of attackers and to analyze their behaviors. While there has been significant research on how to design honeypot systems, less is known about how to use honeypots strategically in network defense. Based on formal deception games, we develop two game-theoretic models that provide insight into how valuable should honeypots look like to maximize the probability that a rational attacker will attack a honeypot. The first model captures a static situation and the second allows attackers to imperfectly probe some of the systems on the network to determine which ones are likely to be real systems (and not honeypots) before launching an attack. We formally analyze the properties of the optimal strategies in the games and provide linear programs for their computation. Finally, we present the optimal solutions for a set of instances of the games and evaluate their quality in comparison to several baselines.


honeypots game theory network security deception 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Spitzner, L.: Honeypots: Tracking Hackers. Addison-Wesley Longman Publishing Co., Inc., Boston (2002)Google Scholar
  2. 2.
    Dornseif, M., Holz, T., Klein, C.N.: NoSEBrEaK - attacking honeynets. In: Proceedings from the Fifth Annual IEEE SMC Information Assurance Workshop, pp. 123–129 (June 2004)Google Scholar
  3. 3.
    Garg, N., Grosu, D.: Deception in Honeynets: A Game-Theoretic Analysis. In: IEEE Information Assurance Workshop, pp. 107–113 (2007)Google Scholar
  4. 4.
    McKelvey, R.D., McLennan, A.M., Turocy, T.L.: Gambit: Software Tools for Game Theory. Technical report, Version 0.2010.09.01 (2010)Google Scholar
  5. 5.
    Wagener, G., State, R., Dulaunoy, A., Engel, T.: Self Adaptive High Interaction Honeypots Driven by Game Theory. In: Guerraoui, R., Petit, F. (eds.) SSS 2009. LNCS, vol. 5873, pp. 741–755. Springer, Heidelberg (2009), CrossRefGoogle Scholar
  6. 6.
    Williamson, S.A., Varakantham, P., Hui, O.C., Gao, D.: Active Malware Analysis Using Stochastic Games. In: Proceedings of AAMAS, pp. 29–36 (2012)Google Scholar
  7. 7.
    Carroll, T.E., Grosu, D.: A game theoretic investigation of deception in network security. Security and Communication Networks 4(10), 1162–1172 (2011)CrossRefGoogle Scholar
  8. 8.
    Hausken, K., Levitin, G.: Protection vs. false targets in series systems. Reliability Engineering & System Safety 94(5), 973–981 (2009)CrossRefGoogle Scholar
  9. 9.
    Shoham, Y., Leyton-Brown, K.: Multiagent Systems: Algorithmic, Game-Theoretic, and Logical Foundations, pp. 130–144. Cambridge University Press (2009)Google Scholar
  10. 10.
    Paruchuri, P., Pearce, J., Marecki, J., Tambe, M., Ordonez, F., Kraus, S.: Playing games for security: an efficient exact algorithm for solving Bayesian Stackelberg games. In: Proceedings of AAMAS, pp. 895–902 (2008)Google Scholar
  11. 11.
    Spencer, J.: A deception game. American Mathematical Monthly, 416–417 (1973)Google Scholar
  12. 12.
    Lee, K.: On a deception game with three boxes. Int. Jour. of Game Theory 22(2), 89–95 (1993)zbMATHCrossRefGoogle Scholar
  13. 13.
    Cohen, F.: A Mathematical Structure of Simple Defensive Network Deception. Computers & Security 19(6), 520–528 (2000)CrossRefGoogle Scholar
  14. 14.
    von Stengel, B.: Efficient Computation of Behavior Strategies. Games and Economic Behavior 14(2), 220–246 (1996)MathSciNetzbMATHCrossRefGoogle Scholar
  15. 15.
    Koller, D., Megiddo, N., von Stengel, B.: Efficient Computation of Equilibria for Extensive Two-Person Games. Games and Economic Behavior 14(2), 247–259 (1996)MathSciNetzbMATHCrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Radek Píbil
    • 1
  • Viliam Lisý
    • 1
  • Christopher Kiekintveld
    • 2
  • Branislav Bošanský
    • 1
  • Michal Pěchouček
    • 1
  1. 1.Agent Technology Center, Department of Computer Science and Engineering, Faculty of Electrical EngineeringCzech Technical University in PragueCzech Republic
  2. 2.Department of Computer ScienceUniversity of Texas at El Paso (UTEP)United States of America

Personalised recommendations