The document discusses duplicity games and mechanism design for cyber deception to mitigate insider threats. It proposes a game theoretic model where a defender designs a feature generator to manipulate a user's beliefs and incentivize secure actions. The generator includes components for belief manipulation and incentive modulation. The design ensures the user has no incentive to deviate from the recommended security policy. Principles are discussed for jointly designing the generator, belief manipulator, and incentive modulator to manage incentives and achieve deterrence.
Duplicity Games and Cyber Deception Design
1. Duplicity Games for Deception Design With an Application to Insider Threat Mitigation
Linan Huang and Quanyan Zhu
2022 INFORMS Annual Conference
October 17, 2022
16. There is a need for a theory of cyber deception mechanism design.
Such a theory goes beyond the design of the generator alone; the mechanism has three components:
• Belief/Trust Manipulator: e.g., changing the honeypot percentage
• Feature Generator: e.g., configuring honeypots and normal servers
• Incentive Modulator: e.g., using multi-step authentication
How to Design the Generator?
18. Cyber deception (with a focus on honeypots):
Evasion risk [Spitzner 2003], Intelligence [Wagener et al. 2009, 2011], Engagement [Pawlick et al. 2019], Detection risk [Dowling et al. 2019], Resource consumption [Akiyama et al. 2012], False positives [Qassrawi & Zhang 2010], Strategic design [Pawlick et al. 2021], etc.
Compliance and mechanism design:
Insider Threat Mitigation Guide [CISA 2020]; The Critical Role of Positive Incentives for Reducing Insider Threats [CERT/CMU 2016]; Mitigating inadvertent insider threats with incentives [Liu et al. 2009]; Compliance control [Casey et al. 2015]; ZETAR [Huang and Zhu 2022]; etc.
Literature
19. Generator Design Problem: Defender’s Problem
The defender designs a utility-maximizing generator such that the user has no incentive to deviate from the recommended security policy.
20. Dual Formulation: User’s Problem
The user minimizes his expected effort to satisfy the defender’s security objective.
21. User's action: 𝑎 ∈ 𝐴 (𝐾 actions)
User's type: 𝜃 ∈ Θ (𝑀 types)
A security policy assigns one action to each type, so 𝐾 actions and 𝑀 types give 𝐾^𝑀 possible security policies.
Only 𝜒(𝐾, 𝑀, 𝑁) of them are enforceable.
[Figure: example utility tables (dollar amounts) illustrating which policies are enforceable]
There always exists an optimal generator that relies on only 𝑁 security policies.
Feasibility of Generators: Enforceable Policies
22. • Incentive Threshold (IT): uncontrollable if the majority of insiders are adversarial.
• Deterrence Threshold (DT): uncontrollable if there is an insufficient number of honeypots.
[Figure: defender's utility against the honeypot percentage and the insider percentage, with the Incentive Threshold and Deterrence Threshold marked]
How does the percentage (or probability) of honeypots and of (negligent) insiders affect the defender's utility?
23. If the fraction of non-adversarial insiders is below the IT and the honeypot percentage is below the DT, then the design of the generator alone is insufficient to deter an insider.
Zero trust margin → the insider cannot be incentivized.
Deterrence Capacity
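The enforceability count on slide 21 and the deterrence threshold of slides 22-23 can be made concrete with a small numerical model. The script below is an added worked example, not code from the talk or from the Huang and Zhu paper: it builds a toy duplicity game with two defender states (real server or honeypot, where a fraction mu of resources are honeypots), two insider types and two actions, enumerates the K^M = 4 security policies, keeps the enforceable ones as intervals of posterior beliefs, and then grid-searches for the utility-maximizing generator whose every recommended policy is obedient (the "no incentive to deviate" condition of slide 19). All payoff numbers, the type prior, the 0.05 grid step and the function names are constructed assumptions; the threshold it reports is this toy's analogue of the slide's DT, namely the honeypot fraction below which an uninformative feature can no longer make every type comply.

```python
"""Toy duplicity game: designing a feature generator for honeypot deception.

Constructed example. The defender privately knows whether a resource is a real
server or a honeypot; an insider of unknown type sees the generated feature e,
forms the belief b = P(honeypot | e) and picks an action. By the revelation
principle a feature can be read as a recommended security policy (one action
per type); only policies the insider has no incentive to deviate from count.
"""
from itertools import product

TYPES = ("malicious", "negligent")
ACTIONS = ("comply", "deviate")

# Insider payoffs U[type][state][action]; values are constructed for illustration.
U = {
    "malicious": {"real": {"comply": 0.0, "deviate": 4.0},       # exfiltration pays off
                  "honeypot": {"comply": 0.0, "deviate": -6.0}},  # caught in the honeypot
    "negligent": {"real": {"comply": -1.0, "deviate": 0.0},      # a shortcut saves effort
                  "honeypot": {"comply": -1.0, "deviate": -4.0}}, # flagged and retrained
}
# Defender payoffs V[state][type][action]; constructed.
V = {
    "real": {"malicious": {"comply": 0.0, "deviate": -10.0},
             "negligent": {"comply": 0.0, "deviate": -2.0}},
    "honeypot": {"malicious": {"comply": 0.0, "deviate": 3.0},    # intelligence gained
                 "negligent": {"comply": 0.0, "deviate": -1.0}},  # wasted triage
}
P_TYPE = {"malicious": 0.3, "negligent": 0.7}  # prior over insider types (constructed)


def belief_interval(policy):
    """Beliefs b = P(honeypot) at which every type weakly prefers its recommended
    action, or None. Each obedience constraint is linear in b, so the obedient
    set is an interval [lo, hi] found by intersecting half-lines."""
    lo, hi = 0.0, 1.0
    for t in TYPES:
        for alt in ACTIONS:
            d_real = U[t]["real"][policy[t]] - U[t]["real"][alt]
            d_hp = U[t]["honeypot"][policy[t]] - U[t]["honeypot"][alt]
            slope = d_hp - d_real                 # constraint: d_real + slope * b >= 0
            if slope > 0:
                lo = max(lo, -d_real / slope)
            elif slope < 0:
                hi = min(hi, -d_real / slope)
            elif d_real < 0:
                return None
    return (lo, hi) if lo <= hi else None


def enforceable_policies():
    """Of the K^M policies (K actions, M types), keep the enforceable ones."""
    out = {}
    for acts in product(ACTIONS, repeat=len(TYPES)):
        interval = belief_interval(dict(zip(TYPES, acts)))
        if interval is not None:
            out[acts] = interval
    return out


def deterrence_threshold():
    """Honeypot fraction below which an uninformative feature cannot make every
    type comply: the lower end of the all-comply policy's belief interval."""
    return belief_interval({t: "comply" for t in TYPES})[0]


def compositions(k, n):
    """Integer vectors of length n summing to k (grid points of the simplex)."""
    if n == 1:
        yield (k,)
        return
    for i in range(k + 1):
        for rest in compositions(k - i, n - 1):
            yield (i,) + rest


def best_generator(mu, step=0.05):
    """Grid search for the generator pi(policy | state) that maximises the
    defender's expected utility subject to obedience of every recommended policy."""
    policies = list(enforceable_policies().items())
    names = [acts for acts, _ in policies]
    idx = names.index(("comply",) * len(TYPES))
    k = round(1 / step)
    grid = [tuple(c / k for c in comp) for comp in compositions(k, len(policies))]
    best = None
    for pi_real in grid:
        for pi_hp in grid:
            value, obedient = 0.0, True
            for (acts, (lo, hi)), pr, ph in zip(policies, pi_real, pi_hp):
                mass_hp, mass_real = mu * ph, (1 - mu) * pr
                if mass_hp + mass_real == 0:
                    continue                       # feature never generated
                b = mass_hp / (mass_hp + mass_real)  # insider's posterior P(honeypot | e)
                if b < lo - 1e-9 or b > hi + 1e-9:
                    obedient = False
                    break
                for t, a in zip(TYPES, acts):
                    value += P_TYPE[t] * (mass_real * V["real"][t][a]
                                          + mass_hp * V["honeypot"][t][a])
            if obedient and (best is None or value > best["value"]):
                best = {"value": value,
                        "generator": {"real": dict(zip(names, pi_real)),
                                      "honeypot": dict(zip(names, pi_hp))},
                        "full_compliance": (1 - mu) * pi_real[idx] + mu * pi_hp[idx]}
    return best


if __name__ == "__main__":
    print("enforceable policies:", enforceable_policies())
    print("deterrence threshold (honeypot fraction):", deterrence_threshold())
    for mu in (0.2, 0.35, 0.5):
        r = best_generator(mu)
        print(f"mu={mu}: value={r['value']:.3f}, full compliance={r['full_compliance']:.2f}")
```

With these payoffs the policy "malicious complies, negligent deviates" is not enforceable (no belief satisfies both types), so 3 of the 4 policies survive; the all-comply policy needs P(honeypot | e) ≥ 0.4, which is why a honeypot fraction of 0.5 lets the defender pool (reveal nothing) and obtain full compliance, while at 0.2 the honeypot mass has to be "spent" on a fraction of real servers and the rest of the population can only be steered to the deviate policy.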
24. Defender's utility structure = user's utility structure → no deception needed: reveal full information.
Defender's utility structure = −(user's utility structure) → maximum deception needed: reveal zero information.
Manageability of Incentive Modulator: Designing the Reward
25. Defender's utility structure = 𝜌_𝑠 · (user's utility structure) + 𝜌_𝑑
Only the sign of 𝜌_𝑠 matters:
𝜌_𝑠 > 0 → no deception needed: reveal full information.
𝜌_𝑠 < 0 → maximum deception needed: reveal zero information.
Manageability under Linearly Dependent Utility Structures
26. Principles for Joint Design of GMM (Generator, belief Manipulator, incentive Modulator)
Separation Principle: the defender can design the reward independently.
Equivalence Principle: designing information + trust = designing trust.
Extension to Multi-Dimensional Mechanism Designs
28. • Duplicity game for designing cognitive honeypots
• Strategic and incentive-compatible Insider threat mitigation
• Enforceability, manageability, and deterrence
• Online and learning-based implementation
Conclusions
Huang, L. and Zhu, Q., 2021. Duplicity games for deception design with an application to insider threat mitigation. IEEE Transactions on Information Forensics and Security, 16, pp. 4843-4856.
29. Five Generations of Security Paradigms
1G-SP: Laissez-Faire Security
2G-SP: Perimeter Security
3G-SP: Reactive Security
4G-SP: Proactive Security
5G-SP: Federated Security
Five Generations of Security Paradigms (SPs)
30. From 4G-SP (Proactive Security) to 5G-SP (Federated Security)
Emergence of AI-powered attacks
Incorporate AI and system science to develop cognitive honeypots for 5G-SP
Consolidation of Strategic, Proactive, and Autonomous Defense