Jin-Hee Cho uses hypergame theory for cyber deception research supported through Army Office of Research grant
Conventional access control mechanisms like passwords, access privileges, firewalls, and encryption and intrusion detection systems are generally the first two lines of defense in cybersecurity. The first can be easily exploited by attackers to subvert controls and the second has proved weak.
A third line of defense is deception — manipulating an attacker’s beliefs in a way that results in the attacker choosing a suboptimal strategy.
Jin-Hee Cho, associate professor and director of the Trustworthy Cyberspace Lab (tClab) in the Department of Computer Science, has received a $285,000 grant from the Army Research Office to investigate for the first time how hypergame theory can be used to mislead an attacker’s belief by deception.
“While conventional game theory assumes that all players play the same game, hypergame theory accommodates uncertainty, incomplete information, and bounded rationality,” said Cho. “The goal of this research is to develop a suite of effective and efficient deception techniques that can control an attacker's belief and maximally mislead decision making in carrying out an attack.”
The project began June 1 and will culminate May 31, 2023. Munindar P. Singh, a professor in the Department of Computer Science at North Carolina State University is co-principal investigator.
Zelin Wan, a graduate student in the Department of Computer Science, is also on the research team.
The researchers will design deception techniques based on objectives, effectiveness, and risk along with an attack-defense tree to derive attack and defense strategies; develop strategy selection algorithms where the attacker and defender’s beliefs and utilities are dynamically estimated under uncertainty; and validate the performance of the proposed deception techniques based on cross-validation using multiple evaluation methods and realistic tactical application scenarios.
“Considering the key characteristics of military, tactical networks — such as severe resource constraints, high hostility, high operational tempo, and distributed components — the research will provide a cost-effective defense service while achieving a required level of system security and performance,” Cho said. “The proposed deception techniques can be leveraged by various Army Research Lab in-house research projects and will be implemented in ARL’s emulation testbed which may lead to a high chance of technology transition to the Army setting.”