Optimal Deception Asset Deployment in Cybersecurity: A Nash Q-Learning Approach in Multi-Agent Stochastic Games-Reference-Cited by-同舟云学术

Optimal Deception Asset Deployment in Cybersecurity: A Nash Q-Learning Approach in Multi-Agent Stochastic Games

Published:2023-12-30 Issue:1 Volume:14 Page:357
ISSN:2076-3417
Container-title:Applied Sciences
language:en
Short-container-title:Applied Sciences

Author:

Kong Guanhua¹^ORCID,Chen Fucai¹,Yang Xiaohan¹,Cheng Guozhen¹,Zhang Shuai¹,He Weizhen¹

Affiliation:

1. Institute of Information Technology, PLA Information Engineering University, Zhengzhou 450002, China

Abstract

In the face of an increasingly intricate network structure and a multitude of security threats, cyber deception defenders often employ deception assets to safeguard critical real assets. However, when it comes to the intranet lateral movement attackers in the cyber kill chain, the deployment of deception assets confronts the challenges of lack of dynamics, inability to make real-time decisions, and not considering the dynamic change of an attacker’s strategy. To address these issues, this study introduces a novel maze pathfinding model tailored to the lateral movement context, in which we try to find out the attacker’s location to deploy deception assets accurately for interception. The attack–defense process is modeled as a multi-agent stochastic game, by comparing it with random action policy and Minimax-Q algorithm, we choose Nash Q-learning to solve the deception asset’s deployment strategy to achieve the optimal solution effect. Extensive simulation tests reveal that our proposed model exhibits good convergence properties. Moreover, the average defense success rate surpasses 70%, attesting to the model’s efficacy.

Funder

National Key Research and Development Program of China

Major Science and Technology Project of Henan Province in China

Publisher

MDPI AG

Subject

Fluid Flow and Transfer Processes,Computer Science Applications,Process Chemistry and Technology,General Engineering,Instrumentation,General Materials Science

Link

https://www.mdpi.com/2076-3417/14/1/357/pdf

Reference31 articles.

1. (2023, May 01). IT Giant Bitmarck Shuts Down Customer, Internal Systems after Cyberattack. Available online: https://www.theregister.com/2023/05/01/bitmarck_data_breach.

2. (2023, January 18). Maritime Giant DNV Says 1000 Ships Affected by Ransomware Attack. Available online: https://techcrunch.com/2023/01/18/dnv-norway-shipping-ransomware.

3. (2023, February 22). Portuguese Water Utility Attacked by LockBit. Available online: https://www.scmagazine.com/brief/portuguese-water-utility-attacked-by-lockbit.

4. Yadav, T., and Rao, A.M. (2015, January 10–13). Technical aspects of cyber kill chain. Proceedings of the Third International Symposium on Security in Computing and Communications (SSCC’15), SSCC 2015, Kochi, India.

5. Cyber kill chain-based taxonomy of advanced persistent threat actors: Analogy of tactics, techniques, and procedures;Bahrami;J. Inf. Process. Syst.,2019