Learning Generative Deception Strategies in Combinatorial Masking Games
Junlin Wu, Charles Kamhoua, Murat Kantarcioglu, Yevgeniy Vorobeychik

TL;DR
This paper introduces a game-theoretic model for cyber deception through masking attributes, and proposes scalable neural network methods to approximate equilibrium strategies, enhancing defense against cyberattacks.
Contribution
It develops a novel combinatorial game model for deception strategies and introduces a neural network-based scalable solution for computing approximate equilibria.
Findings
The linear program formulation captures complex defender-attacker interactions.
The neural network approach effectively approximates equilibrium strategies.
Experimental results demonstrate the method's scalability and effectiveness.
Abstract
Deception is a crucial tool in the cyberdefence repertoire, enabling defenders to leverage their informational advantage to reduce the likelihood of successful attacks. One way deception can be employed is through obscuring, or masking, some of the information about how systems are configured, increasing attacker's uncertainty about their targets. We present a novel game-theoretic model of the resulting defender-attacker interaction, where the defender chooses a subset of attributes to mask, while the attacker responds by choosing an exploit to execute. The strategies of both players have combinatorial structure with complex informational dependencies, and therefore even representing these strategies is not trivial. First, we show that the problem of computing an equilibrium of the resulting zero-sum defender-attacker game can be represented as a linear program with a combinatorial…
Taxonomy
Topics: Information and Cyber Security · Network Security and Intrusion Detection · Advanced Malware Detection Techniques
