Abstract

Existing moving target defense (MTD) and decoy systems are conceptually limited in avoiding and preventing attackers' real-time social-engineering attacks against an organization, because they rely either on structural mutation alone or on inducement and isolation using only static traps. To overcome these practical limitations and to support multi-stage deception decision-making in a real-time attack-defense competition, this work presents a social-engineering organizational defensive deception game (SOD2G) as a framework that considers the hierarchical topology and fingerprint characteristics of each organization. It proposes and applies deception concepts, zero-sum two-player game models, and attacker and defender decision-making processes grounded in deceivable organizational environments and vulnerability information. These are designed under limited organizational resources so that they converge in the positive direction, securing a dominant share for the organizational defender and optimal values of the defender's deception as formulated by both scenario and attribute. The framework handles incomplete private information better than existing models, which are non-sequentially stratified, and contributes to configuring the optimal defender deception strategy. In the experiments, it increased deception efficiency within an organization by about 40% compared to existing models; in the sensitivity analysis, the proposed MTD and decoy improved deception efficiency by at least 60% and 30%, respectively, compared to existing work.

Highlights

  • Defensive cyber deception [1,2] is a non-cooperative, decision-contaminating technique that manipulates the cognitive perspective of potential attackers and deceives them so that they continually construct and maintain erroneous post-action strategies

  • Results of SOD2G experiments on Scenario 3 are compared and analyzed; the scenario covers the operation strategy of multiple unified threat management (UTM) and firewall solutions, triplicated on the basis of vertical redundancy and horizontal diversity, together with hosts whose restorability and resilience come from cloning candidate images from snapshots

  • Organizational Mixed improved defense efficiency over Mixed by 39% at most and 7% at least, and converged with a sharp negative gradient when the discount factor lay in the range 0.75 to 0.8, where the gradient was derived to be between −60 and −135


Introduction

Defensive cyber deception [1,2] is a non-cooperative, decision-contaminating technique that manipulates the cognitive perspective of potential attackers and deceives them so that they continually construct and maintain erroneous post-action strategies. MTD has been combined with decision-making strategies among decision-making entities in areas such as game theory [11,12,13,14], Markov decision processes (MDP) [15,16,17,18], and machine learning [19,20,21,22]. It has also been combined with learning theory for benefit optimization between attacks and defenses, to achieve diverse optimized mutation strategies and deception thresholds while attenuating the effects of intrusion by cyber kill chain (CKC) [23] stage and surface space. This MTD has been combined with other elements such as Honey-X and Decoy
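The abstract frames SOD2G as a zero-sum two-player game between an organizational defender and an attacker, solved for the defender's optimal deception mix, and the highlights report how the result reacts to the discount factor. The following Python is an added illustration written for this page, not the paper's SOD2G implementation or any of the cited works: it solves a small constructed deception game exactly (the two defender postures, the attacker actions and all payoff numbers are invented assumptions) and then shows how the per-stage equilibrium value scales, and how steeply, with the discount factor.

```python
"""Two-posture zero-sum deception game with discounted multi-stage value.

Added illustration for this page; it is NOT the paper's SOD2G code.
Row player    = organizational defender, mixing over two deception postures.
Column player = attacker, choosing one action.
Entries are the defender's gain (the attacker's loss), so the defender
maximises the worst-case column value and the attacker minimises it.
"""
from fractions import Fraction
from itertools import combinations

# Constructed payoff matrix (assumption, not from the paper).
# Columns: attack web host | attack db host | touch decoy | abstain
PAYOFF = [
    # posture A: decoy mirrors the web host, MTD shuffles the db host
    [3, -4, 5, 1],
    # posture B: decoy mirrors the db host, MTD shuffles the web host
    [-2, 4, 5, 1],
]


def _as_fractions(payoff):
    """Exact arithmetic so equilibrium probabilities are not rounded."""
    return [[Fraction(x) for x in row] for row in payoff]


def column_value(payoff, p, j):
    """Defender's expected gain in column j when posture A is played w.p. p."""
    return p * payoff[0][j] + (1 - p) * payoff[1][j]


def worst_case(payoff, p):
    """Attacker best-responds to p, so the defender gets the column minimum."""
    return min(column_value(payoff, p, j) for j in range(len(payoff[0])))


def solve_defender(payoff):
    """Exact maximin (p*, value) for a 2-row zero-sum game.

    min_j(p*a_1j + (1-p)*a_2j) is concave and piecewise linear in p, so its
    maximum is at p=0, p=1, or a crossing of two column lines; checking those
    finitely many points is exact.
    """
    payoff = _as_fractions(payoff)
    n = len(payoff[0])
    candidates = {Fraction(0), Fraction(1)}
    for j, k in combinations(range(n), 2):
        dj = payoff[0][j] - payoff[1][j]   # slope of column j in p
        dk = payoff[0][k] - payoff[1][k]
        if dj == dk:                       # parallel lines never cross
            continue
        p = (payoff[1][k] - payoff[1][j]) / (dj - dk)
        if 0 <= p <= 1:
            candidates.add(p)
    p_star = max(candidates, key=lambda p: worst_case(payoff, p))
    return p_star, worst_case(payoff, p_star)


def solve_attacker(payoff, p_star, value):
    """Attacker mix that makes p_star a best response (the saddle point)."""
    payoff = _as_fractions(payoff)
    n = len(payoff[0])
    active = [j for j in range(n) if column_value(payoff, p_star, j) == value]
    slope = {j: payoff[0][j] - payoff[1][j] for j in active}
    q = [Fraction(0)] * n
    # Mixed optimum: two active columns of opposite slope, weighted so the
    # defender is indifferent between the postures (q*dj + (1-q)*dk == 0).
    for j, k in combinations(active, 2):
        if slope[j] * slope[k] < 0:
            q[j] = slope[k] / (slope[k] - slope[j])
            q[k] = 1 - q[j]
            return q
    # Vertex optimum: a pure column the defender cannot improve against.
    for j in active:
        d = slope[j]
        if d == 0 or (p_star == 1 and d > 0) or (p_star == 0 and d < 0):
            q[j] = Fraction(1)
            return q
    raise ValueError("p_star/value are not an equilibrium of this game")


def discounted_value(stage_value, gamma, stages=None):
    """Value of repeating the stage equilibrium under discount factor gamma.

    stages=None gives the infinite-horizon sum v/(1-gamma); otherwise the
    truncated sum v*(1-gamma**T)/(1-gamma).  gamma may be a str like "0.8".
    """
    gamma = Fraction(gamma)
    if not 0 <= gamma < 1:
        raise ValueError("discount factor must lie in [0, 1)")
    if stages is None:
        return stage_value / (1 - gamma)
    return stage_value * (1 - gamma ** stages) / (1 - gamma)


def value_sensitivity(stage_value, gamma):
    """d/d(gamma) of v/(1-gamma): how steeply the horizon value reacts to gamma."""
    gamma = Fraction(gamma)
    return stage_value / (1 - gamma) ** 2


if __name__ == "__main__":
    p, v = solve_defender(PAYOFF)
    q = solve_attacker(PAYOFF, p, v)
    print(f"defender plays posture A with probability {p}; stage value {v}")
    print("attacker equilibrium mix:", [str(x) for x in q])
    for gamma in ("0.5", "0.75", "0.8"):
        print(f"gamma={gamma}: V_inf={discounted_value(v, gamma)}, "
              f"dV/dgamma={value_sensitivity(v, gamma)}")
```

With the constructed matrix the defender mirrors the web host with probability 6/13 and the attacker splits 8/13 against the web host and 5/13 against the database, for a stage value of 4/13; touching the decoy and abstaining are dominated for the attacker and get zero weight. The sensitivity term grows as 1/(1-gamma)^2, which is why a narrow band of discount factors near the top of the range produces the steep gradients the highlights mention; the specific numbers here are from the invented payoffs, not the paper's experiments.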
