Deception by Design: Evidence-Based Signaling Games for Network Defense
This work addresses network security challenges for defenders by providing a game-theoretic model, though it is incremental as it builds on existing signaling game frameworks.
The paper tackles the problem of designing deception mechanisms for network defense, specifically using honeypots, and finds that a defender's utility can sometimes increase when adversaries develop deception detection abilities, with numerical results showing elimination of pure-strategy equilibria in some cases.
Deception plays a critical role in the financial industry, online markets, national defense, and countless other areas. Understanding and harnessing deception - especially in cyberspace - is both crucial and difficult. Recent work in this area has used game theory to study the roles of incentives and rational behavior. Building upon this work, we employ a game-theoretic model for the purpose of mechanism design. Specifically, we study a defensive use of deception: implementation of honeypots for network defense. How does the design problem change when an adversary develops the ability to detect honeypots? We analyze two models: cheap-talk games and an augmented version of those games that we call cheap-talk games with evidence, in which the receiver can detect deception with some probability. Our first contribution is this new model for deceptive interactions. We show that the model includes traditional signaling games and complete information games as special cases. We also demonstrate numerically that deception detection sometimes eliminate pure-strategy equilibria. Finally, we present the surprising result that the utility of a deceptive defender can sometimes increase when an adversary develops the ability to detect deception. These results apply concretely to network defense. They are also general enough for the large and critical body of strategic interactions that involve deception.