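% Bibliography: defensive cyber deception (honey drones, honeypots, hypergame
% theory) from an overlapping author group, 2021-2023.
%
% Conventions used below: one field per line, lowercase field names, ASCII
% only (page ranges as "--", straight apostrophes), bare DOI in "doi",
% three-letter month macros, and the exporter's "abstractNote" stored in the
% standard "abstract" field. Venue names are kept exactly as exported
% (all caps); normalise them in one pass if the target style needs it.

% Conference paper: the venue string is a proceedings title, so the entry is
% typed as inproceedings and the venue moved from "journal" to "booktitle".
@inproceedings{wan_cho_zhu_anwar_kamhoua_singh_2023,
  author    = {Wan, Zelin and Cho, Jin-Hee and Zhu, Mu and Anwar, Ahmed H. and Kamhoua, Charles and Singh, Munindar P.},
  title     = {Deception in Drone Surveillance Missions: Strategic vs. Learning Approaches},
  booktitle = {PROCEEDINGS OF THE 2023 INTERNATIONAL SYMPOSIUM ON THEORY, ALGORITHMIC FOUNDATIONS, AND PROTOCOL DESIGN FOR MOBILE NETWORKS AND MOBILE COMPUTING, MOBIHOC 2023},
  pages     = {382--387},
  year      = {2023},
  doi       = {10.1145/3565287.3616525},
  url       = {https://doi.org/10.1145/3565287.3616525},
  abstract  = {Unmanned Aerial Vehicles (UAVs) have been used for surveillance operations, search and rescue missions, and delivery services. Given their importance and versatility, they naturally become targets for cyberattacks. Denial-of-Service (DoS) attacks are commonly considered to exhaust their resources or crash UAVs (or drones). This work proposes a unique proactive defense using honey drones (HD) for UAVs during surveillance operations. These HDs use lightweight virtual machines to lure and redirect potential DoS attacks. Both the choice of target by the attacker and the HD's deceptive tactics are influenced by the strength of the radio signal. However, a critical trade-off exists in that stronger signals can deplete battery life, while weaker signals can negatively affect the connectivity of a drone fleet network. To address this, we formulate an optimization problem to select the best strategies for an attacker or defender in selecting their signal strength level. We propose a novel HD-based defense to identify the optimal setting using deep reinforcement learning (DRL) or game theory and compare their performance with that of non-HD-based methods, such as Intrusion Detection Systems and ContainerDrone. Our experiments demonstrate the unique benefits and superior efficacy of each HD-based defense across various attack scenarios.},
}

% Key carries a "b" suffix: the exported key was identical to the MobiHoc
% entry above, and BibTeX reports a repeated entry and ignores the second
% one. Existing citations of the unsuffixed key keep resolving to the first.
@article{wan_cho_zhu_anwar_kamhoua_singh_2023b,
  author   = {Wan, Zelin and Cho, Jin-Hee and Zhu, Mu and Anwar, Ahmed H. and Kamhoua, Charles A. and Singh, Munindar P.},
  title    = {Resisting Multiple Advanced Persistent Threats via Hypergame-Theoretic Defensive Deception},
  journal  = {IEEE TRANSACTIONS ON NETWORK AND SERVICE MANAGEMENT},
  volume   = {20},
  number   = {3},
  pages    = {3816--3830},
  year     = {2023},
  month    = sep,
  issn     = {1932-4537},
  doi      = {10.1109/TNSM.2023.3240366},
  url      = {https://doi.org/10.1109/TNSM.2023.3240366},
  abstract = {Existing defensive deception (DD) approaches apply game theory, assuming that an attacker and defender play the same, full game with all possible strategies. However, in deceptive settings, players may have different beliefs about the game itself. Such structural uncertainty is not naturally handled in traditional game theory. In this work, we formulate an attack-defense hypergame where multiple advanced persistent threat (APT) attackers and a single defender play a repeated game with different perceptions. The hypergame model systematically evaluates how various DD strategies can defend proactively against APT attacks. We present an adaptive method to select an optimal defense strategy using hypergame theory for strategic defense as well as machine learning for adaptive defense. We conducted in-depth experiments to analyze the performance of the eight schemes including ours, baselines, and existing counterparts. We found the DD strategies showed their highest advantages when the hypergame and machine learning are considered in terms of reduced false positives and negatives of the NIDS, system lifetime, and players' perceived uncertainties and utilities. We also analyze the Hyper Nash Equilibrium of given hypergames and discuss the key findings and insights behind them.},
}

% "Foureye" is braced in the title so sentence-casing styles keep the name.
@article{wan_cho_zhu_anwar_kamhoua_singh_2022,
  author   = {Wan, Zelin and Cho, Jin-Hee and Zhu, Mu and Anwar, Ahmed H. and Kamhoua, Charles A. and Singh, Munindar P.},
  title    = {{Foureye}: Defensive Deception Against Advanced Persistent Threats via Hypergame Theory},
  journal  = {IEEE TRANSACTIONS ON NETWORK AND SERVICE MANAGEMENT},
  volume   = {19},
  number   = {1},
  pages    = {112--129},
  year     = {2022},
  month    = mar,
  issn     = {1932-4537},
  doi      = {10.1109/TNSM.2021.3117698},
  url      = {https://doi.org/10.1109/TNSM.2021.3117698},
  abstract = {Defensive deception techniques have emerged as a promising proactive defense mechanism to mislead an attacker and thereby achieve attack failure. However, most game-theoretic defensive deception approaches have assumed that players maintain consistent views under uncertainty. They do not consider players' possible, subjective beliefs formed due to asymmetric information given to them. In this work, we formulate a hypergame between an attacker and a defender where they can interpret the same game differently and accordingly choose their best strategy based on their respective beliefs. This gives a chance for defensive deception strategies to manipulate an attacker's belief, which is the key to the attacker's decision-making. We consider advanced persistent threat (APT) attacks, which perform multiple attacks in the stages of the cyber kill chain (CKC) where both the attacker and the defender aim to select optimal strategies based on their beliefs. Through extensive simulation experiments, we demonstrated how effectively the defender can leverage defensive deception techniques while dealing with multi-staged APT attacks in a hypergame in which the imperfect information is reflected based on perceived uncertainty, cost, and expected utilities of both the attacker and defender, the system lifetime (i.e., mean time to security failure), and improved false-positive rates of intrusion detection.},
}

% Conference paper (venue string names the GLOBECOM conference), typed as
% inproceedings with the venue in "booktitle".
% NOTE(review): the third author is spelled "Wan, Zeilin" here but
% "Wan, Zelin" in every other entry of this file; confirm against the
% publisher record before normalising. Left as exported.
@inproceedings{anwar_zhu_wan_cho_kamhoua_singh_2022,
  author    = {Anwar, Ahmed H. and Zhu, Mu and Wan, Zeilin and Cho, Jin-Hee and Kamhoua, Charles A. and Singh, Munindar P.},
  title     = {Honeypot-Based Cyber Deception Against Malicious Reconnaissance via Hypergame Theory},
  booktitle = {2022 IEEE GLOBAL COMMUNICATIONS CONFERENCE (GLOBECOM 2022)},
  pages     = {3393--3398},
  year      = {2022},
  issn      = {2576-6813},
  doi       = {10.1109/GLOBECOM48099.2022.10000813},
  abstract  = {Malicious reconnaissance is a critical step for attackers to collect sufficient network knowledge and choose valuable targets for intrusion. Defensive deception (DD) is an essential strategy against threats by misleading attackers' observations and beliefs. Honeypots are widely used for cyber deception that aims to confuse attackers and waste their resources and efforts. Defenders may use low-interaction honeypots or high-interaction honeypots. In this paper, we consider a hybrid honeypot system that balances the use of the two levels of honeypot complexity, where high-interaction honeypots are more capable of deceiving skilled attackers than low-interaction honeypots. We present a two-player hypergame model that characterizes how a defender should deploy low and high-interaction honeypots to defend the network against malicious reconnaissance activities. We model the tradeoff of each player and characterize their best strategies within a hypergame framework that considers the imperfect knowledge of each player toward their opponent. Finally, our numerical results validate the effectiveness of the proposed honeypot system.},
}

@article{zhu_anwar_wan_cho_kamhoua_singh_2021,
  author    = {Zhu, Mu and Anwar, Ahmed H. and Wan, Zelin and Cho, Jin-Hee and Kamhoua, Charles A. and Singh, Munindar P.},
  title     = {A Survey of Defensive Deception: Approaches Using Game Theory and Machine Learning},
  journal   = {IEEE COMMUNICATIONS SURVEYS AND TUTORIALS},
  volume    = {23},
  number    = {4},
  pages     = {2460--2493},
  year      = {2021},
  publisher = {Institute of Electrical and Electronics Engineers (IEEE)},
  issn      = {1553-877X},
  doi       = {10.1109/COMST.2021.3102874},
  url       = {https://doi.org/10.1109/COMST.2021.3102874},
  abstract  = {Defensive deception is a promising approach for cyber defense. Via defensive deception, a defender can anticipate and prevent attacks by misleading or luring an attacker, or hiding some of its resources. Although defensive deception is garnering increasing research attention, there has not been a systematic investigation of its key components, the underlying principles, and its tradeoffs in various problem settings. This survey focuses on defensive deception research centered on game theory and machine learning, since these are prominent families of artificial intelligence approaches that are widely employed in defensive deception. This paper brings forth insights, lessons, and limitations from prior work. It closes with an outline of some research directions to tackle major gaps in current defensive deception research.},
}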