A Theory of Hypergames on Graphs for Synthesizing Dynamic Cyber Defense with Deception
This work addresses the challenge of enhancing cybersecurity for network defenders by enabling the synthesis of effective deception-based defense strategies, representing an incremental advancement in formal methods for security.
The authors tackled the problem of synthesizing dynamic cyber defense strategies with deception by modeling asymmetric information in attacker-defender interactions using hypergames on graphs, showing that this approach can satisfy security specifications that are not achievable under symmetric information.
In this chapter, we present an approach using formal methods to synthesize reactive defense strategy in a cyber network, equipped with a set of decoy systems. We first generalize formal graphical security models--attack graphs--to incorporate defender's countermeasures in a game-theoretic model, called an attack-defend game on graph. This game captures the dynamic interactions between the defender and the attacker and their defense/attack objectives in formal logic. Then, we introduce a class of hypergames to model asymmetric information created by decoys in the attacker-defender interactions. Given qualitative security specifications in formal logic, we show that the solution concepts from hypergames and reactive synthesis in formal methods can be extended to synthesize effective dynamic defense strategy using cyber deception. The strategy takes the advantages of the misperception of the attacker to ensure security specification is satisfied, which may not be satisfiable when the information is symmetric.