Game Theoretic Model of Strategic Honeypot Allocation in Computer Networks
R Pibil, V Lisy, C Kiekintveld, B Bosansky, and M Pechoucek
In Proceedings of the Third International Conference on Decision and Game Theory for Security (GameSec 2012).
This is the author's version of the work.
Download
Abstract
A honeypot is a decoy computer system used in network security to waste the time and resources of attackers and to analyze their
behaviors. While there has been significant research on how to design
honeypot systems, less is known about how to use honeypots strategically in network defense. We develop game-theoretic models that provide
insight into how honeypots can be used to maximal effect to deceive and
delay potential attackers. Our model generalizes previous work on decep-
tion games for honeypots by introducing differential values for network
services and honeypot systems. We also introduce an extension that allows attackers to systematically probe multiple systems on a network to
determine which ones are likely to be real systems (and not honeypots)
before launching an attack. We provide linear programs for solving instances of these games, and analyze the properties of optimal solutions,
leading to faster calculations. We present an empirical study of the models to better understand strategic issues related to honeypots.
