Identifying the actual adversarial threat to a vulnerable system has been a long-standing challenge in cybersecurity research. To determine an optimal strategy for the defender, game-theoretic decision models have been widely used to simulate real-world attacker-defender scenarios while taking the defender's constraints into account. In this work, we focus on understanding the behavior of human attackers in order to optimize the defender's strategy. To achieve this goal, we model attacker-defender engagements as Markov Games and search for their Bayesian Stackelberg Equilibrium. We validate our modeling approach and report our empirical findings using a Capture-The-Flag (CTF) setup, conducting user studies with adversaries of varying skill levels. Our studies show that application-level deceptions are an optimal mitigation strategy against targeted attacks, outperforming classic defensive maneuvers such as patching or blocking network requests. We use this result to further hypothesize about the attacker's behavior when trapped in an embedded honeypot environment and present a detailed analysis of that behavior.
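The solution concept named above, a Bayesian Stackelberg equilibrium, can be made concrete with a small worked example. The code below is an added illustration and is not the paper's model, data or code: it collapses the Markov game to a one-shot game, uses two hypothetical attacker types ("novice" and "expert"), three hypothetical defender mitigations ("patch", "block", "deceive") and two attacker actions ("exploit", "abort"), and all payoff numbers are constructed for illustration. The defender (leader) commits to a mixed strategy; each attacker type observes the commitment and best-responds, with exact ties broken in the defender's favour (the usual strong-Stackelberg convention). The equilibrium is approximated by exhaustive search over a grid on the strategy simplex in exact rational arithmetic, so the output is reproducible; whatever it shows says nothing about the paper's empirical result.

```python
"""Toy one-shot Bayesian Stackelberg game (constructed illustration, not the paper's model)."""
from fractions import Fraction

# Hypothetical action sets; the paper's exact action spaces are not given here.
DEF_ACTIONS = ("patch", "block", "deceive")
ATT_ACTIONS = ("exploit", "abort")

# Constructed payoffs: PAYOFFS[type][defender_action][attacker_action] = (defender, attacker)
PAYOFFS = {
    "novice": {
        "patch":   {"exploit": (1, -1), "abort": (1, 0)},   # patch stops the novice outright
        "block":   {"exploit": (-1, 1), "abort": (0, 0)},   # novice finds another route; block costs availability
        "deceive": {"exploit": (4, -4), "abort": (0, 0)},   # novice burns tooling inside the honeypot
    },
    "expert": {
        "patch":   {"exploit": (-3, 3), "abort": (1, 0)},   # expert bypasses the patch
        "block":   {"exploit": (-2, 2), "abort": (0, 0)},   # expert routes around the block
        "deceive": {"exploit": (4, -1), "abort": (0, 0)},   # caught, but the expert loses little
    },
}
# Assumed prior over attacker types (the "varying skill levels" of the abstract).
TYPE_PRIOR = {"novice": Fraction(1, 2), "expert": Fraction(1, 2)}


def pure(action):
    """Defender mixed strategy that plays one action with probability 1."""
    return {a: Fraction(int(a == action)) for a in DEF_ACTIONS}


def expected_utilities(att_type, strategy, att_action):
    """Expected (defender, attacker) utility of one attacker action under the
    defender's mixed strategy, for one attacker type."""
    d = a = Fraction(0)
    for def_action, prob in strategy.items():
        du, au = PAYOFFS[att_type][def_action][att_action]
        d += prob * du
        a += prob * au
    return d, a


def best_response(att_type, strategy):
    """Attacker maximises its own expected utility; exact ties go to the action
    that is better for the defender (strong Stackelberg convention)."""
    scored = {act: expected_utilities(att_type, strategy, act) for act in ATT_ACTIONS}
    best_att = max(a for _, a in scored.values())
    return max((act for act in ATT_ACTIONS if scored[act][1] == best_att),
               key=lambda act: scored[act][0])


def defender_value(strategy):
    """Defender's expected utility, averaging over attacker types."""
    total = Fraction(0)
    for att_type, prior in TYPE_PRIOR.items():
        act = best_response(att_type, strategy)
        total += prior * expected_utilities(att_type, strategy, act)[0]
    return total


def solve_bse(steps=100):
    """Approximate the Bayesian Stackelberg equilibrium by exhaustive search over
    a grid of resolution 1/steps on the defender's strategy simplex."""
    best_strategy, best_value = None, None
    for i in range(steps + 1):
        for j in range(steps + 1 - i):
            k = steps - i - j
            strategy = {"patch": Fraction(i, steps),
                        "block": Fraction(j, steps),
                        "deceive": Fraction(k, steps)}
            value = defender_value(strategy)
            if best_value is None or value > best_value:
                best_strategy, best_value = strategy, value
    return best_strategy, best_value


if __name__ == "__main__":
    for a in DEF_ACTIONS:
        print(f"pure {a:8s} -> defender value {defender_value(pure(a))}")
    strategy, value = solve_bse()
    print("equilibrium commitment:", {k: str(v) for k, v in strategy.items()})
    print("defender value:", value)
    for t in TYPE_PRIOR:
        print(f"  {t} best response: {best_response(t, strategy)}")
```

Under these constructed payoffs no pure mitigation does well: pure patching invites the expert, pure deception makes both types abort and yields nothing. The committed mix keeps just enough patching that the expert still finds exploiting worthwhile and is caught most of the time, which is the "trapped in a honeypot" situation the abstract refers to; the point of the exercise is the mechanism (the leader's commitment shapes the follower's best response), not the particular numbers.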