SOD2G: A Study on a Social-Engineering Organizational Defensive Deception Game Framework through Optimization of Spatiotemporal MTD and Decoy Conflict

Abstract

Existing moving target defense (MTD) and decoy systems are conceptually limited in avoiding and preventing attackers’ social-engineering real-time attacks by organization through either structural mutations or induction and isolation only using static traps. To overcome the practical limitations of existing MTD and decoy and to conduct a multi-stage deception decision-making in a real-time attack-defense competition, the current work presents a social-engineering organizational defensive deception game (SOD2G) as a framework, consi dering hierarchical topologies and fingerprint characteristics by organization. The present work proposed and applied deception concepts and zero-sum-based two-player game models as well as attacker and defender decision-making process based on deceivable organizational environments and vulnerability information. They were designed in consideration of limited organizational resources so that they could converge in the positive direction to secure organizational defender dominant share and optimal values of the defender deception formulated by both scenario and attribute. This framework could handle incomplete private information better than existing models and non-sequentially stratified, and also contributed to the configuration of the optimal defender deception strategy. As the experimental results, they could increase the deception efficiency within an organization by about 40% compared to existing models. Also, in the sensitivity analysis, the proposed MTD and decoy yielded improvements of at least 60% and 30% in deception efficiency, respectively, compared to the existing works.