Game-theoretic Foundations for the Strategic Use of Honeypots in Network Security
C Kiekintveld, V Lisy, and Radek Pibil
Chapter in Cyber Warfare: Building the Scientific
Foundation, edited by Jajodia et al. in Advances In
Information Security (56), 2015.
This is the author's version of the work.
Abstract
An important element in the mathematical and scientific foundations
for security is modeling the strategic use of deception and information
manipulation. We argue that game theory provides an important theoretical
framework for reasoning about information manipulation in adversarial settings,
including deception and randomization strategies. In addition, game
theory has practical uses in determining optimal strategies for randomized
patrolling and resource allocation. We discuss three game-theoretic models
that capture aspects of how honeypots can be used in network security. Honeypots
are fake hosts introduced into a network to gather information about
attackers and to distract them from real targets. They are a limited resource,
so there are important strategic questions about how to deploy them to the
greatest effect, which is fundamentally about deceiving attackers into choosing
fake targets instead of real ones to attack. We describe several game
models that address strategies for deploying honeypots, including a basic
honeypot selection game, an extension of this game that allows additional
probing actions by the attacker, and finally a version in which
attacker strategies are represented using attack graphs. We conclude with a discussion of the strengths and limitations of game theory in the context of network security.