About | GAML-MuD2 IT

Overview

Deception is used is several conflicts to strategically manipulate the adversary belief, goals, and actions. Cyber deception, such as deploying honeypots, can slow the attacker, waste his time, and detect their intention. Thus, cyber deception has become a crucial strategy for misleading attackers and protecting critical assets in the digital realm. Similarly, physical deception tactics like using decoys and misinformation are used to safeguard valuable resources. Consider a multi-domain cyber psychical system where elements of the physical domain are connected to the elements of the cyber domain and security in one domain affects the other. In such scenarios, when cyber and physical security strategies are designed independently, they often lack coordination, creating vulnerabilities that adversaries can exploit across both domains. The research into single-domain security limitations and the exploration of integrated multi-domain deception and defense strategies seeks to enhance resilience and adaptability in complex security environments.

Objectives

Multi-domain deception aims to bolster the security of cyber-physical systems by designing strategies that can mislead adversaries across various operational domains. The core objective is to develop a comprehensive strategy that synchronizes deceptive tactics across the cyber and physical layer, ensuring these tactics are consistent and mutually reinforcing. This approach is vital for maintaining operational security and preventing adversaries from exploiting weaknesses in any single domain.

Joint Optimization Across Multiple Layers: The primary goal is to achieve a coordinated and optimized deception strategy across all relevant layers of operation. This ensures that the optimum deceptive actions in one domain is dependent on the deception on the other, and vice-versa. This mean that the deceptive actions cannot be optimized independently across the different domain.

Consistency Across Domains: It's crucial to maintain a consistent deception narrative across various layers. Inconsistencies or contradictions between deceptive actions in different domains could alert adversaries, thereby reducing the effectiveness of the overall strategy. Deceptive action in one domain should not contradict or undermine those in another, but instead, they reinforce each other to create a more resilient defense mechanism.

Long-Term Multi-Step Consistency: Deception strategies must remain coherent and effective over time, even as they are implemented through multiple steps or stages. This long-term consistency is essential for sustaining the deception, particularly as adversaries adapt and change their tactics.

Counter-Deception Strategies: In an adversarial setting, it's essential to consider a multi-domain game setting that also anticipates and counters adversaries' deceptive tactics. Intelligent adversaries can attempt to deceive the adversary. We would like to develop robust counter deception strategies to ensure that the defense remains effective even when adversaries attempt to mislead or manipulate the system.

Challenges

Scalability and Computational Efficiency

The algorithm to evaluate the player strategies in large scale multi-domain deception games should be efficient. The large number of player actions that arise due to interaction between domains mean that some of the usual game solving methods may be inadequate.

Coordination Across Domains

One of the biggest challenges is coordinating deceptive strategies across diverse domains, each with its unique characteristics and vulnerabilities. Cyber and physical layers, for instance, require different approaches, yet they must work together seamlessly to ensure the deception is convincing. Moreover, the problem is more than the sum of its parts. The cartesian product of the action spaces in the physical and cyber domains for a player may not accurately capture the multi-domain game, and new actions may have to be considered that handle the interaction between the two domains.

Resource Efficiency

The deception strategy must be resource-efficient, balancing the benefits of deception with the costs and risks associated with its implementation.

Research Methods

Selected methodological options are

Game-Theoretic Approaches

Game theoretic frameworks are useful to model these multi-domain deception scenarios since it includes adversarial players. Game theory is extensively used to model interactions between defenders and adversaries. By predicting potential adversarial moves and their responses to deception, game theory helps in developing strategies that are more likely to succeed in real-world scenarios. In [1] and [2], a multi-layer game representing a cyber-physical system is presented where a defender must protect a set of resources from an adversary. The defender employs deceptive actions in both the cyber and physical domains. The two domains are interconnected, and the players’ payoffs depend on their actions across both domains.

Double-Oracle and Iterative Algorithms

To efficiently solve the complex multi-domain deception problems, advanced algorithms such as double-oracle techniques are utilized such as in [2]. These algorithms iteratively refine the strategy space, focusing on the most relevant strategies, which allows for more targeted and efficient deception.

Machine Learning

Machine learning algorithms are increasingly employed to analyze patterns in large datasets, enabling the prediction of adversary behavior and the real-time adaptation of deception strategies [3]. This approach enhances the ability to deploy timely and effective deception tactics.

References

A.H. Anwar, A. B. Asghar, C. Kamhoua, J. Kleinberg, "A Game Theoretic Framework for Multi Domain Cyber Deception," IEEE European Symposium on Security and Privacy Workshops, 2024.
A. B. Asghar, A.H. Anwar, C. Kamhoua, J. Kleinberg, "A Scalable Double-Oracle Algorithm for Multi-Domain Deception Game," IEEE Conference on Communications and Network Security, 2024 [to appear].
S. McAleer, J. B. Lanier, K. A. Wang, P. Baldi, and R. Fox, "XDO: A double oracle algorithm for extensive-form games," Advances in Neural Information Processing Systems, vol. 34, pp. 23128-23139, 2021.
A. H. Anwar, C. Kamhoua, and N. Leslie, “A game-theoretic framework for dynamic cyber deception in Internet of Battlefield Things,” in EAI Int’l Conf. on Mobile and Ubiquitous Systems: Computing, Networking and Services, pp. 522–526, 2019.
A. H. Anwar, C. Kamhoua, and N. Leslie, “Honeypot allocation over attack graphs in cyber deception games,” in Int’l Conf. on Computing, Networking and Communications, pp. 502–506, 2020
A. J. Mendez, “A classic case of deception,” Studies in Intelligence, Journal of the American Intelligence Professional, Winter, vol. 2000, 1999.
M. Johnson and J. Meyeraan, “Military deception: Hiding the real-showing the fake,” USAF Joint Forces Staff College, Joint and Combined Warfighting School, vol. 7, 2003.
M. Jain, D. Korzhyk, O. Vanˇek, V. Conitzer, M. Pˇechouˇcek, and M. Tambe, “A double oracle algorithm for zero-sum security games on graphs,” in The 10th International Conference on Autonomous Agents and Multiagent Systems, pp. 327–334, 2011.
M. Zhu, A. H. Anwar, Z. Wan, J.-H. Cho, C. A. Kamhoua, and M. P. Singh, "A survey of defensive deception: Approaches using game theory and machine learning," IEEE Communications Surveys & Tutorials, vol. 23, no. 4, pp. 2460-2493, 2021.
A. Alshammari, D. B. Rawat, M. Garuba, C. A. Kamhoua, and L. L. Njilla, "Deception for cyber adversaries: status, challenges, and perspectives," in Modeling and Design of Secure Internet of Things, pp. 141-160, Wiley Online Library, 2020.