Recent incidents such as the Colonial Pipeline ransomware attack and the SolarWinds supply-chain compromise have shown that traditional defense techniques are becoming insufficient to deter adversaries of growing sophistication. Proactive and deceptive defenses are an emerging class of methods for defending against zero-day and advanced attacks. This work develops a new game-theoretic framework, called the duplicity game, for designing deception mechanisms that consist of a generator, an incentive modulator, and a trust manipulator, referred to collectively as the GMM mechanism. We formulate a mathematical programming problem to compute the optimal GMM mechanism, quantify the upper limit of enforceable security policies, and characterize conditions on users' identifiability and manageability for cyber attribution and user management. We develop a separation principle that decouples the design of the modulator from the rest of the GMM mechanism, and an equivalence principle that reduces the joint design of the generator and the manipulator to the single design of the manipulator. A case study of dynamic honeypot configurations is presented to mitigate insider threats. The numerical experiments corroborate that the optimal GMM mechanism can elicit desirable actions from both selfish and adversarial insiders and consequently improve the security posture of the insider network. In particular, a proper modulator can reduce the incentive misalignment between the players and achieve win-win outcomes for the selfish insider and the defender. Meanwhile, we observe that the defender always benefits from faking the percentage of honeypots when the optimal generator is in place.