A Theory of Hypergames on Graphs for Synthesizing Dynamic Cyber Defense with Deception

TL;DR

This paper develops a formal game-theoretic framework using hypergames on graphs to synthesize dynamic cyber defense strategies with deception, leveraging decoys to exploit attacker misperception and enhance security.

Contribution

It introduces a novel hypergame model on attack-defend graphs incorporating deception, extending reactive synthesis methods for dynamic cyber defense strategy generation.

Findings

Hypergames effectively model asymmetric attacker-defender information.

Deception strategies improve security satisfaction under asymmetric information.

Formal synthesis methods enable automated defense strategy generation.

Abstract

In this chapter, we present an approach using formal methods to synthesize reactive defense strategy in a cyber network, equipped with a set of decoy systems. We first generalize formal graphical security models--attack graphs--to incorporate defender's countermeasures in a game-theoretic model, called an attack-defend game on graph. This game captures the dynamic interactions between the defender and the attacker and their defense/attack objectives in formal logic. Then, we introduce a class of hypergames to model asymmetric information created by decoys in the attacker-defender interactions. Given qualitative security specifications in formal logic, we show that the solution concepts from hypergames and reactive synthesis in formal methods can be extended to synthesize effective dynamic defense strategy using cyber deception. The strategy takes the advantages of the misperception of the attacker to ensure security specification is satisfied, which may not be satisfiable when the information is symmetric.