A game-theoretic taxonomy and survey of defensive deception for cybersecurity and privacy

Jeffrey Pawlick, Edward Colbert, Quanyan Zhu

Research output: Contribution to journal, Article

Abstract

Cyberattacks on both databases and critical infrastructure have threatened public and private sectors. Ubiquitous tracking and wearable computing have infringed upon privacy. Advocates and engineers have recently proposed using defensive deception as a means to leverage the information asymmetry typically enjoyed by attackers as a tool for defenders. The term deception, however, has been employed broadly and with a variety of meanings. In this article, we survey 24 articles from 2008 to 2018 that use game theory to model defensive deception for cybersecurity and privacy. Then, we propose a taxonomy that defines six types of deception: perturbation, moving target defense, obfuscation, mixing, honey-x, and attacker engagement. These types are delineated by their information structures, agents, actions, and duration: precisely concepts captured by game theory. Our aims are to rigorously define types of defensive deception, to capture a snapshot of the state of the literature, to provide a menu of models that can be used for applied research, and to identify promising areas for future work. Our taxonomy provides a systematic foundation for understanding different types of defensive deception commonly encountered in cybersecurity and privacy.

Original language: English (US)
Article number: 82
Journal: ACM Computing Surveys
Volume: 52
Issue number: 4
DOI: 10.1145/3337772
State: Published - Aug 1 2019

Keywords

  • Attacker engagement
  • Cybersecurity
  • Deception
  • Game theory
  • Honeypot
  • Mix network
  • Moving target defense
  • Obfuscation
  • Perturbation
  • Privacy
  • Survey
  • Taxonomy

ASJC Scopus subject areas

  • Theoretical Computer Science
  • Computer Science (all)

Cite this

A game-theoretic taxonomy and survey of defensive deception for cybersecurity and privacy. / Pawlick, Jeffrey; Colbert, Edward; Zhu, Quanyan.

In: ACM Computing Surveys, Vol. 52, No. 4, 82, 01.08.2019.

@article{784eba445d1243f0b1eea9a2b5cf5692,
title = "A game-theoretic taxonomy and survey of defensive deception for cybersecurity and privacy",
abstract = "Cyberattacks on both databases and critical infrastructure have threatened public and private sectors. Ubiquitous tracking and wearable computing have infringed upon privacy. Advocates and engineers have recently proposed using defensive deception as a means to leverage the information asymmetry typically enjoyed by attackers as a tool for defenders. The term deception, however, has been employed broadly and with a variety of meanings. In this article, we survey 24 articles from 2008 to 2018 that use game theory to model defensive deception for cybersecurity and privacy. Then, we propose a taxonomy that defines six types of deception: perturbation, moving target defense, obfuscation, mixing, honey-x, and attacker engagement. These types are delineated by their information structures, agents, actions, and duration: precisely concepts captured by game theory. Our aims are to rigorously define types of defensive deception, to capture a snapshot of the state of the literature, to provide a menu of models that can be used for applied research, and to identify promising areas for future work. Our taxonomy provides a systematic foundation for understanding different types of defensive deception commonly encountered in cybersecurity and privacy.",
keywords = "Attacker engagement, Cybersecurity, Deception, Game theory, Honeypot, Mix network, Moving target defense, Obfuscation, Perturbation, Privacy, Survey, Taxonomy",
author = "Jeffrey Pawlick and Edward Colbert and Quanyan Zhu",
year = "2019",
month = "8",
day = "1",
doi = "10.1145/3337772",
language = "English (US)",
volume = "52",
journal = "ACM Computing Surveys",
issn = "0360-0300",
publisher = "Association for Computing Machinery (ACM)",
number = "4",

}

TY - JOUR

T1 - A game-theoretic taxonomy and survey of defensive deception for cybersecurity and privacy

AU - Pawlick, Jeffrey

AU - Colbert, Edward

AU - Zhu, Quanyan

PY - 2019/8/1

Y1 - 2019/8/1

N2 - Cyberattacks on both databases and critical infrastructure have threatened public and private sectors. Ubiquitous tracking and wearable computing have infringed upon privacy. Advocates and engineers have recently proposed using defensive deception as a means to leverage the information asymmetry typically enjoyed by attackers as a tool for defenders. The term deception, however, has been employed broadly and with a variety of meanings. In this article, we survey 24 articles from 2008 to 2018 that use game theory to model defensive deception for cybersecurity and privacy. Then, we propose a taxonomy that defines six types of deception: perturbation, moving target defense, obfuscation, mixing, honey-x, and attacker engagement. These types are delineated by their information structures, agents, actions, and duration: precisely concepts captured by game theory. Our aims are to rigorously define types of defensive deception, to capture a snapshot of the state of the literature, to provide a menu of models that can be used for applied research, and to identify promising areas for future work. Our taxonomy provides a systematic foundation for understanding different types of defensive deception commonly encountered in cybersecurity and privacy.

KW - Attacker engagement

KW - Cybersecurity

KW - Deception

KW - Game theory

KW - Honeypot

KW - Mix network

KW - Moving target defense

KW - Obfuscation

KW - Perturbation

KW - Privacy

KW - Survey

KW - Taxonomy

UR - http://www.scopus.com/inward/record.url?scp=85072021194&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85072021194&partnerID=8YFLogxK

U2 - 10.1145/3337772

DO - 10.1145/3337772

M3 - Article

AN - SCOPUS:85072021194

VL - 52

JO - ACM Computing Surveys

JF - ACM Computing Surveys

SN - 0360-0300

IS - 4

M1 - 82

ER -