AHFE Open AccessModeling the effects of different honeypot proportions in a deception-based security game
Abstract
Cyber-attacks, an intentional effort to steal information or interrupt the network, are growing dramatically. It is of great importance to understand how an adversary’s behavior might impact the detection of threats. Prior research in adversarial cybersecurity has investigated the effect of different honeypot variations on adversarial decisions in a deception-based game experimentally. However, it is unknown how different honeypot variation affects adversarial decisions using cognitive models. The primary objective of this research is to develop the cognitive model using Instance-based learning theory (IBLT) to make predictions for decisions for networks with different honeypot proportions. The experimental study involved the use of a deception game (DG): small, medium, and large. The DG is defined as DG (n, k, γ), where n is the number of servers, k is the number of honeypots, and γ is the number of probes that the opponent makes before attacking the network. The DG had three between-subject conditions, which denoted three different honeypot proportions. Human data in the experimental study was collected by recruiting 60 participants who were randomly assigned one of the three between-subject conditions of the deception game (N = 20 per condition). The results revealed with an increase in the proportion of honeypots, the honeypot and no-attack actions increased significantly. Next, we built two Instance-based Learning (IBL) models, an IBL model with calibrated parameters (IBL-calibrated) and an IBL model with ACT-R parameters (IBL-ACT-R), to account for human decisions in conditions involving different honeypot proportions in a deception-based security game. It was found that both IBL-calibrated and IBL-ACT-R models were able to account for human behavior across different experimental conditions. In addition, results revealed a greater reliance on the recent and frequent occurrence of events among the human participants. We highlight the key importance of our research for the field of cognitive modelling.
Keywords: Honeypot, Cybersecurity, Cyber deception, Deception game, Adversary, Defender, Instance based learning theory (IBLT).
DOI: 10.54941/ahfe1003727
Cite this paper
More from this volume
- Deployment of Ransomware Detection Using Dynamic Analysis and Machine Learning
- Keeping the human element to secure autonomous shipping operations
- Out of Sight but Still In Mind: Making ‘Invisible’ Cyber Threats More Salient Via Concrete Analogies
- Analysis of Risks to Data Privacy Throughout European Countries
- Maladaptive Behaviour in Phishing Susceptibility: How Email Context Influences the Impact of Persuasion Techniques
- The Effects of Cyber Readiness and Response on Human Trust in Self Driving Cars
- Using Security Metrics to Determine Security Program Effectiveness
- Social Engineering Penetration Testing within the OODCA Cycle – Approaches to Detect and Remediate Human Vulnerabilities and Risks in Information Security
- Bringing humans at the core of cybersecurity: Challenges and future research directions
- Enhancing practical cybersecurity skills: The ECSF and the CyberSecPro European efforts
- C.S. Technopoly: A Megagame for Teaching and Learning Cybersecurity
- Training the Trainers for Cybersecurity Exercises - Developing EXCON-teams