Using Deception in Markov Game to Understand Adversarial Behaviors Through a Capture-The-Flag Environment

Siddhant Bhambri, Purv Chauhan, Frederico Araujo, Adam Doupé, Subbarao Kambhampati

Research output: Chapter in Book/Report/Conference proceeding > Conference contribution

Abstract

Identifying the actual adversarial threat against a system vulnerability has been a long-standing challenge for cybersecurity research. To determine an optimal strategy for the defender, game-theoretic based decision models have been widely used to simulate the real-world attacker-defender scenarios while taking the defender’s constraints into consideration. In this work, we focus on understanding human attacker behaviors in order to optimize the defender’s strategy. To achieve this goal, we model attacker-defender engagements as Markov Games and search for their Bayesian Stackelberg Equilibrium. We validate our modeling approach and report our empirical findings using a Capture-The-Flag (CTF) setup, and we conduct user studies on adversaries with varying skill-levels. Our studies show that application-level deceptions are an optimal mitigation strategy against targeted attacks—outperforming classic cyber-defensive maneuvers, such as patching or blocking network requests. We use this result to further hypothesize over the attacker’s behaviors when trapped in an embedded honeypot environment and present a detailed analysis of the same.

Original language: English (US)
Title of host publication: Decision and Game Theory for Security - 13th International Conference, GameSec 2022, Proceedings
Editors: Fei Fang, Haifeng Xu, Yezekael Hayel
Publisher: Springer Science and Business Media Deutschland GmbH
Pages: 87-106
Number of pages: 20
ISBN (Print): 9783031263682
State: Published - 2023
Event: 13th International Conference on Decision and Game Theory for Security, GameSec 2022 - Pittsburgh, United States
Duration: Oct 26 2022 - Oct 28 2022

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 13727 LNCS
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349

Conference

Conference: 13th International Conference on Decision and Game Theory for Security, GameSec 2022
Country/Territory: United States
City: Pittsburgh
Period: 10/26/22 - 10/28/22

Keywords

  • Adversarial behavior
  • Capture-The-Flag
  • Markov Games

ASJC Scopus subject areas

  • Theoretical Computer Science
  • General Computer Science
