A three-party attack-defense deception game model based on evolutionary

Abstract

A three-party evolutionary game model is constructed by combining the cyber deception, the defender (intrusion detection system), and the attacker. The attackers choose attack strategies to gain greater benefits. The cyber deception can induce attackers to attack fake vulnerabilities, so as capture and analyze the attackers' intentions. The defenders use the captured attacker information to adjust their defense strategies and improve detection of attacks. Using cyber deception to enhance the defender choice of strategy, reduce attacker's profit, enable defender to play their own superior strategy, reduce node resource overhead, and prolong network survival time. Through the capture and feature extraction of attacker's attack information, the attack feature database of intrusion detection system is improved, and the detection probability of the attack by the defender is increased. According to the simulation results, the cyber deception can provide the defender with the attacker's attack information in the process of attack and defense, increase the probability of the defender's successful defense, speed up the convergence speed of the optimal defense strategy, and reduce the convergence speed of the attacker's optimal strategy. It is proved that the cyber deception as a third-party participant can effectively help the defender to protect the security of the network.