Using Deception in Markov Game to Understand Adversarial Behaviors Through a Capture-The-Flag Environment

Siddhant Bhambri; Purv Chauhan; Frederico Araujo; Adam Doupé; Subbarao Kambhampati

doi:10.1007/978-3-031-26369-9_5

Using Deception in Markov Game to Understand Adversarial Behaviors Through a Capture-The-Flag Environment

Siddhant Bhambri, Purv Chauhan, Frederico Araujo, Adam Doupé, Subbarao Kambhampati

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Identifying the actual adversarial threat against a system vulnerability has been a long-standing challenge for cybersecurity research. To determine an optimal strategy for the defender, game-theoretic based decision models have been widely used to simulate the real-world attacker-defender scenarios while taking the defender’s constraints into consideration. In this work, we focus on understanding human attacker behaviors in order to optimize the defender’s strategy. To achieve this goal, we model attacker-defender engagements as Markov Games and search for their Bayesian Stackelberg Equilibrium. We validate our modeling approach and report our empirical findings using a Capture-The-Flag (CTF) setup, and we conduct user studies on adversaries with varying skill-levels. Our studies show that application-level deceptions are an optimal mitigation strategy against targeted attacks—outperforming classic cyber-defensive maneuvers, such as patching or blocking network requests. We use this result to further hypothesize over the attacker’s behaviors when trapped in an embedded honeypot environment and present a detailed analysis of the same.

Original language	English (US)
Title of host publication	Decision and Game Theory for Security - 13th International Conference, GameSec 2022, Proceedings
Editors	Fei Fang, Haifeng Xu, Yezekael Hayel
Publisher	Springer Science and Business Media Deutschland GmbH
Pages	87-106
Number of pages	20
ISBN (Print)	9783031263682
DOIs	https://doi.org/10.1007/978-3-031-26369-9_5
State	Published - 2023
Event	13th International Conference on Decision and Game Theory for Security, GameSec 2022 - Pittsburgh, United States Duration: Oct 26 2022 → Oct 28 2022

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	13727 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	13th International Conference on Decision and Game Theory for Security, GameSec 2022
Country/Territory	United States
City	Pittsburgh
Period	10/26/22 → 10/28/22

Keywords

Adversarial behavior
Capture-The-Flag
Markov Games

ASJC Scopus subject areas

Theoretical Computer Science
General Computer Science

Access to Document

10.1007/978-3-031-26369-9_5

Cite this

Bhambri, S., Chauhan, P., Araujo, F., Doupé, A., & Kambhampati, S. (2023). Using Deception in Markov Game to Understand Adversarial Behaviors Through a Capture-The-Flag Environment. In F. Fang, H. Xu, & Y. Hayel (Eds.), Decision and Game Theory for Security - 13th International Conference, GameSec 2022, Proceedings (pp. 87-106). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 13727 LNCS). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-3-031-26369-9_5

Using Deception in Markov Game to Understand Adversarial Behaviors Through a Capture-The-Flag Environment. / Bhambri, Siddhant; Chauhan, Purv; Araujo, Frederico et al.
Decision and Game Theory for Security - 13th International Conference, GameSec 2022, Proceedings. ed. / Fei Fang; Haifeng Xu; Yezekael Hayel. Springer Science and Business Media Deutschland GmbH, 2023. p. 87-106 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 13727 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Bhambri, S, Chauhan, P, Araujo, F, Doupé, A & Kambhampati, S 2023, Using Deception in Markov Game to Understand Adversarial Behaviors Through a Capture-The-Flag Environment. in F Fang, H Xu & Y Hayel (eds), Decision and Game Theory for Security - 13th International Conference, GameSec 2022, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 13727 LNCS, Springer Science and Business Media Deutschland GmbH, pp. 87-106, 13th International Conference on Decision and Game Theory for Security, GameSec 2022, Pittsburgh, United States, 10/26/22. https://doi.org/10.1007/978-3-031-26369-9_5

Bhambri S, Chauhan P, Araujo F, Doupé A , Kambhampati S. Using Deception in Markov Game to Understand Adversarial Behaviors Through a Capture-The-Flag Environment. In Fang F, Xu H, Hayel Y, editors, Decision and Game Theory for Security - 13th International Conference, GameSec 2022, Proceedings. Springer Science and Business Media Deutschland GmbH. 2023. p. 87-106. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-031-26369-9_5

Bhambri, Siddhant ; Chauhan, Purv ; Araujo, Frederico et al. / Using Deception in Markov Game to Understand Adversarial Behaviors Through a Capture-The-Flag Environment. Decision and Game Theory for Security - 13th International Conference, GameSec 2022, Proceedings. editor / Fei Fang ; Haifeng Xu ; Yezekael Hayel. Springer Science and Business Media Deutschland GmbH, 2023. pp. 87-106 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{a4650808a987450990b90eb1d8d43e2a,

title = "Using Deception in Markov Game to Understand Adversarial Behaviors Through a Capture-The-Flag Environment",

abstract = "Identifying the actual adversarial threat against a system vulnerability has been a long-standing challenge for cybersecurity research. To determine an optimal strategy for the defender, game-theoretic based decision models have been widely used to simulate the real-world attacker-defender scenarios while taking the defender{\textquoteright}s constraints into consideration. In this work, we focus on understanding human attacker behaviors in order to optimize the defender{\textquoteright}s strategy. To achieve this goal, we model attacker-defender engagements as Markov Games and search for their Bayesian Stackelberg Equilibrium. We validate our modeling approach and report our empirical findings using a Capture-The-Flag (CTF) setup, and we conduct user studies on adversaries with varying skill-levels. Our studies show that application-level deceptions are an optimal mitigation strategy against targeted attacks—outperforming classic cyber-defensive maneuvers, such as patching or blocking network requests. We use this result to further hypothesize over the attacker{\textquoteright}s behaviors when trapped in an embedded honeypot environment and present a detailed analysis of the same.",

keywords = "Adversarial behavior, Capture-The-Flag, Markov Games",

author = "Siddhant Bhambri and Purv Chauhan and Frederico Araujo and Adam Doup{\'e} and Subbarao Kambhampati",

note = "Publisher Copyright: {\textcopyright} 2023, The Author(s), under exclusive license to Springer Nature Switzerland AG.; 13th International Conference on Decision and Game Theory for Security, GameSec 2022 ; Conference date: 26-10-2022 Through 28-10-2022",

year = "2023",

doi = "10.1007/978-3-031-26369-9_5",

language = "English (US)",

isbn = "9783031263682",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Science and Business Media Deutschland GmbH",

pages = "87--106",

editor = "Fei Fang and Haifeng Xu and Yezekael Hayel",

booktitle = "Decision and Game Theory for Security - 13th International Conference, GameSec 2022, Proceedings",

address = "Germany",

}

TY - GEN

T1 - Using Deception in Markov Game to Understand Adversarial Behaviors Through a Capture-The-Flag Environment

AU - Bhambri, Siddhant

AU - Chauhan, Purv

AU - Araujo, Frederico

AU - Doupé, Adam

AU - Kambhampati, Subbarao

PY - 2023

Y1 - 2023

N2 - Identifying the actual adversarial threat against a system vulnerability has been a long-standing challenge for cybersecurity research. To determine an optimal strategy for the defender, game-theoretic based decision models have been widely used to simulate the real-world attacker-defender scenarios while taking the defender’s constraints into consideration. In this work, we focus on understanding human attacker behaviors in order to optimize the defender’s strategy. To achieve this goal, we model attacker-defender engagements as Markov Games and search for their Bayesian Stackelberg Equilibrium. We validate our modeling approach and report our empirical findings using a Capture-The-Flag (CTF) setup, and we conduct user studies on adversaries with varying skill-levels. Our studies show that application-level deceptions are an optimal mitigation strategy against targeted attacks—outperforming classic cyber-defensive maneuvers, such as patching or blocking network requests. We use this result to further hypothesize over the attacker’s behaviors when trapped in an embedded honeypot environment and present a detailed analysis of the same.

AB - Identifying the actual adversarial threat against a system vulnerability has been a long-standing challenge for cybersecurity research. To determine an optimal strategy for the defender, game-theoretic based decision models have been widely used to simulate the real-world attacker-defender scenarios while taking the defender’s constraints into consideration. In this work, we focus on understanding human attacker behaviors in order to optimize the defender’s strategy. To achieve this goal, we model attacker-defender engagements as Markov Games and search for their Bayesian Stackelberg Equilibrium. We validate our modeling approach and report our empirical findings using a Capture-The-Flag (CTF) setup, and we conduct user studies on adversaries with varying skill-levels. Our studies show that application-level deceptions are an optimal mitigation strategy against targeted attacks—outperforming classic cyber-defensive maneuvers, such as patching or blocking network requests. We use this result to further hypothesize over the attacker’s behaviors when trapped in an embedded honeypot environment and present a detailed analysis of the same.

KW - Adversarial behavior

KW - Capture-The-Flag

KW - Markov Games

UR - http://www.scopus.com/inward/record.url?scp=85151117941&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85151117941&partnerID=8YFLogxK

U2 - 10.1007/978-3-031-26369-9_5

DO - 10.1007/978-3-031-26369-9_5

M3 - Conference contribution

AN - SCOPUS:85151117941

SN - 9783031263682

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 87

EP - 106

BT - Decision and Game Theory for Security - 13th International Conference, GameSec 2022, Proceedings

A2 - Fang, Fei

A2 - Xu, Haifeng

A2 - Hayel, Yezekael

PB - Springer Science and Business Media Deutschland GmbH

T2 - 13th International Conference on Decision and Game Theory for Security, GameSec 2022

Y2 - 26 October 2022 through 28 October 2022

ER -