Game Theory for Cyber Deception
Devices in the IoT must decide whether to trust other agents that may be self-interested or malicious. Game theory can be used to study interdependent strategic decisions. Chapter 5 studies obfuscation used to protect information privacy.
Defenders can augment traditional security techniques with active defense: "synchronized, real-time capability to discover, detect, analyze, and mitigate threats and vulnerabilities" [DoD 2011]. Chapters 6-7 study honeypots and dynamic honeynets.
Defending the Internet of controlled things (IoCT) requires a multi-layer approach that is capable of protecting both cyber and physical resources. Chapter 8 studies cyber-physical transportation security.
Attackers often send deceptive messages to many devices, searching for low-hanging fruit. Assessing the population-based risk demands decision-making models that handle large numbers of agents with varying abilities to detect deception. For this purpose, Chapter 9 proposes Poisson signaling games.
This book [Pawlick and Zhu 2021] uses game theory to conceptualize, model, and analyze cyber deception. Drawing upon a collection of deception research from the past 10 years, the authors develop a taxonomy of six species of defensive cyber deception. Three of these six species are highlighted in the context of emerging problems such as privacy against ubiquitous tracking in the Internet of things (IoT), dynamic honeynets for the observation of advanced persistent threats (APTs), and active defense against physical denial-of-service (PDoS) attacks. Because of its uniquely thorough treatment of cyber deception, this book will serve as a timely contribution and valuable resource in this active field.
The book is well suited for both security practitioners interested in game theory and researchers or students with a background in game theory looking to enter cybersecurity.
Book Table of contents
Part I Fundamentals
Nash and Stackelberg Games
Introduction to Incomplete Information
Part II Defensive Deception
A Taxonomy of Defensive Deception
Part III Mitigation of Malicious Deception
Active Crowd Defense
Part IV Challenges and Opportunities in Cyber Deception
Insights and Future Directions
Current Challenges in Cyber Deception