Cyber Deception against Zero-day Attacks: A Game Theoretic Approach
Md Abu Sayed, Ahmed H. Anwar, Christopher Kiekintveld, Branislav Bosansky, Charles Kamhoua

TL;DR
This paper introduces a game-theoretic model for deploying honeypots to defend against zero-day attacks, accounting for attackers' ability to create new attack paths and evaluating mitigation strategies.
Contribution
It develops a novel game-theoretic framework for honeypot allocation that considers zero-day vulnerabilities and proposes mitigation strategies based on sensitivity analysis.
Findings
The model effectively predicts attacker reconnaissance paths.
Sensitivity analysis reveals key vulnerabilities affecting defense performance.
Proposed strategies improve network resilience against zero-day attacks.
Abstract
Reconnaissance activities precede the other attack steps in the cyber kill chain. Zero-day attacks exploit unknown vulnerabilities and give attackers the upper hand against conventional defenses. Honeypots have been used to deceive attackers by misrepresenting the true state of the network. Existing work on cyber deception does not model zero-day attacks. In this paper, we address the question of "How to allocate honeypots over the network?" to protect its most valuable assets. To this end, we develop a two-player zero-sum game theoretic approach to study the potential reconnaissance tracks and attack paths that attackers may use. However, zero-day attacks allow attackers to avoid placed honeypots by creating new attack paths. Therefore, we introduce a sensitivity analysis to investigate the impact of different zero-day vulnerabilities on the performance of the proposed deception…
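To make the abstract's setting concrete, here is an added toy illustration in Python. It is my own constructed example, not the paper's model, code, or numbers: the attack graph, the payoff values, the candidate zero-day edges, and the choice of fictitious play as the solver are all assumptions made here. The defender places a single honeypot on one of two candidate nodes, the attacker picks an entry-to-target path, a path that crosses the honeypot is detected, and the zero-sum game is solved approximately. A zero-day is modelled as an edge the attacker gains but the defender does not know about, so it adds attacker paths without adding defender placements; the sensitivity step measures how much each candidate zero-day raises the attacker's game value, which is the kind of question the abstract's sensitivity analysis asks.

```python
# Added illustration (not the paper's model): toy two-player zero-sum
# honeypot-allocation game over a constructed attack graph, solved by
# fictitious play, plus a sensitivity analysis over candidate zero-day edges.

TARGET_VALUE = 10.0   # attacker gain for reaching the target undetected (constructed)
DETECT_COST = 5.0     # attacker loss when the chosen path crosses the honeypot (constructed)

# Constructed attack graph: entry -> web -> app -> target and entry -> mail -> target.
BASE_EDGES = frozenset({("entry", "web"), ("web", "app"), ("app", "target"),
                        ("entry", "mail"), ("mail", "target")})
HONEYPOT_SITES = ("web", "mail")   # nodes the defender considers for its single honeypot

# Constructed candidate zero-days: edges the attacker may gain that the defender
# does not know about (so they add attacker paths but no defender placements).
CANDIDATE_ZERO_DAYS = {
    "entry->app (exposed app host)": frozenset({("entry", "app")}),
    "mail->app (lateral move)": frozenset({("mail", "app")}),
}


def enumerate_paths(edges, src="entry", dst="target"):
    """Return every simple src->dst path as a tuple of node names (DFS, sorted)."""
    adj = {}
    for a, b in edges:
        adj.setdefault(a, []).append(b)
    paths = []

    def walk(node, seen):
        if node == dst:
            paths.append(tuple(seen))
            return
        for nxt in adj.get(node, []):
            if nxt not in seen:
                walk(nxt, seen + [nxt])

    walk(src, [src])
    return sorted(paths)


def payoff_matrix(paths, sites):
    """Attacker payoff for each (path, honeypot site) pair; the defender's payoff is the negative."""
    return [[-DETECT_COST if site in path else TARGET_VALUE for site in sites] for path in paths]


def fictitious_play(matrix, rounds=30_000):
    """Approximate the zero-sum equilibrium; returns (value, attacker_mix, defender_mix).

    Each round both players best-respond to the opponent's empirical mix so far.
    The value returned is the midpoint of the two best-response bounds, which
    bracket the true game value.
    """
    m, n = len(matrix), len(matrix[0])
    row_counts, col_counts = [0] * m, [0] * n
    row_counts[0] += 1
    col_counts[0] += 1
    for _ in range(rounds):
        # attacker: maximise payoff against the defender's empirical mix
        row_scores = [sum(matrix[i][j] * col_counts[j] for j in range(n)) for i in range(m)]
        best_row = max(range(m), key=lambda i: row_scores[i])
        # defender: minimise attacker payoff against the attacker's empirical mix
        col_scores = [sum(matrix[i][j] * row_counts[i] for i in range(m)) for j in range(n)]
        best_col = min(range(n), key=lambda j: col_scores[j])
        row_counts[best_row] += 1
        col_counts[best_col] += 1
    total = rounds + 1
    att_mix = [c / total for c in row_counts]
    def_mix = [c / total for c in col_counts]
    upper = max(sum(matrix[i][j] * def_mix[j] for j in range(n)) for i in range(m))
    lower = min(sum(matrix[i][j] * att_mix[i] for i in range(m)) for j in range(n))
    return (upper + lower) / 2, att_mix, def_mix


def game_value(edges, sites=HONEYPOT_SITES, rounds=30_000):
    """Game value and the defender's honeypot mix for a given attack graph."""
    paths = enumerate_paths(edges)
    value, _, def_mix = fictitious_play(payoff_matrix(paths, sites), rounds)
    return value, dict(zip(sites, def_mix))


def zero_day_sensitivity(edges, candidates, sites=HONEYPOT_SITES, rounds=30_000):
    """How much each candidate zero-day raises the attacker's game value when the
    defender keeps its (zero-day-unaware) placement options."""
    base, _ = game_value(edges, sites, rounds)
    impact = {name: game_value(edges | extra, sites, rounds)[0] - base
              for name, extra in candidates.items()}
    return base, impact


if __name__ == "__main__":
    value, mix = game_value(BASE_EDGES)
    print(f"baseline value {value:.2f}, defender honeypot mix {mix}")
    base, impact = zero_day_sensitivity(BASE_EDGES, CANDIDATE_ZERO_DAYS)
    for name, delta in sorted(impact.items(), key=lambda kv: -kv[1]):
        print(f"zero-day {name}: attacker value +{delta:.2f}")
```

On this constructed graph the two baseline paths are symmetric, so the defender mixes the honeypot roughly evenly between the two sites. A zero-day that opens a path avoiding every candidate honeypot site lifts the attacker's value all the way to TARGET_VALUE, while one that only adds an edge between already-covered nodes changes nothing; ranking candidates by that delta is the defender's cue for which node to add to the honeypot candidate set first.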
