Computer Science ›› 2021, Vol. 48 ›› Issue (8): 291-299. doi: 10.11896/jsjkx.210100148

• Information Security •

Incomplete Information Game Theoretic Analysis to Defend Fingerprinting

LI Shao-hui, ZHANG Guo-min, SONG Li-hua, WANG Xiu-lei   

  1. Army Engineering University, Nanjing 210000, China
  • Received: 2021-01-09 Revised: 2021-03-29 Published: 2021-08-10
  • About author: LI Shao-hui, born in 1994, postgraduate. His main research interests include cyberspace security and information system security. (shaohuil@foxmail.com) ZHANG Guo-min, born in 1979, Ph.D, associate professor. His main research interests include cyberspace security and network management.
  • Supported by:
    Natural Science Youth Foundation of Jiangsu Province (BK20200582).

Abstract: Fingerprinting is an important part of reconnaissance, the first stage of the network attack kill chain, and is a prerequisite for the successful execution of a network attack. The promotion of active defense, especially deception defense, encourages defenders to confuse attackers by hiding and obfuscating fingerprint information, thus reducing the effectiveness of their network reconnaissance. Defenders can thereby obtain a certain first-mover advantage in the confrontation, and the confrontation between the two sides is moved forward to the reconnaissance stage. Deception is a strategic confrontation between the rational agents of both sides, and game theory is a quantitative science that studies conflict and cooperation between rational decision-making players. It can model the players and actions of various kinds of defensive deception and guide defenders to make better use of deception technology. In this paper, a dynamic game model with incomplete information is used to analyze the interactive process from reconnaissance to attack. The possible perfect Bayesian Nash equilibria are analyzed and calculated, and the equilibria are discussed for different scenarios. Suggestions are put forward for defenders to optimize their deception strategies and achieve a better anti-fingerprinting effect.

Key words: Deception defense, Dynamic game with incomplete information, Fingerprint identification, Network reconnaissance, Perfect Bayesian Nash equilibrium

CLC Number: 

  • TP398.08