Influence of Network Size on Adversarial Decisions in a Deception Game Involving Honeypots
Deception via honeypots, computers that pretend to be real, may provide effective ways of countering cyberattacks in computer networks. Although prior research has investigated the effectiveness of timing and amount of deception via deception-based games, it is unclear as to how the size of the netw...
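Main Authors: | Harsh Katakwar, Palvi Aggarwal, Zahid Maqbool, Varun Dutt |
---|---|
Format: | Article |
Language: | English |
Published: | Frontiers Media S.A. 2020-09-01 |
Series: | Frontiers in Psychology |
Subjects: | honeypot, cybersecurity, cyber deception, deception game, adversary, defender |
Online Access: | https://www.frontiersin.org/article/10.3389/fpsyg.2020.535803/full |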
id | doaj-d4fcc0f254af45f98331d10e4efd3626 |
---|---|
record_format | Article |
collection | DOAJ |
language | English |
format | Article |
sources | DOAJ |
author | Harsh Katakwar, Palvi Aggarwal, Zahid Maqbool, Varun Dutt |
author affiliations | Harsh Katakwar, Zahid Maqbool, Varun Dutt: Applied Cognitive Science Laboratory, Indian Institute of Technology Mandi, Kamand, India. Palvi Aggarwal: Dynamic Decision Making Laboratory, Carnegie Mellon University, Pittsburgh, PA, United States |
title | Influence of Network Size on Adversarial Decisions in a Deception Game Involving Honeypots |
publisher | Frontiers Media S.A. |
series | Frontiers in Psychology |
issn | 1664-1078 |
publishDate | 2020-09-01 |
description | Deception via honeypots, computers that pretend to be real, may provide effective ways of countering cyberattacks in computer networks. Although prior research has investigated the effectiveness of timing and amount of deception via deception-based games, it is unclear as to how the size of the network (i.e., the number of computer systems in the network) influences adversarial decisions. In this research, using a deception game (DG), we evaluate the influence of network size on adversary’s cyberattack decisions. The DG has two sequential stages, probe and attack, and it is defined as DG (n, k, γ), where n is the number of servers, k is the number of honeypots, and γ is the number of probes that the adversary makes before attacking the network. In the probe stage, participants may probe a few web servers or may not probe the network. In the attack stage, participants may attack any one of the web servers or decide not to attack the network. In a laboratory experiment, participants were randomly assigned to a repeated DG across three different between-subject conditions: small (20 participants), medium (20 participants), and large (20 participants). The small, medium, and large conditions used DG (2, 1, 1), DG (6, 3, 3), and DG (12, 6, 6) games, respectively (thus, the proportion of honeypots was kept constant at 50% in all three conditions). Results revealed that in the small network, the proportions of honeypot and no-attack actions were 0.20 and 0.52, whereas in the medium (large) network, the proportions of honeypot and no-attack actions were 0.50 (0.50) and 0.06 (0.03), respectively. There was also an effect of probing actions on attack actions across all three network sizes. We highlight the implications of our results for networks of different sizes involving deception via honeypots. |
topic | honeypot, cybersecurity, cyber deception, deception game, adversary, defender |
url | https://www.frontiersin.org/article/10.3389/fpsyg.2020.535803/full |