Table_1_Influence of Network Size on Adversarial Decisions in a Deception Game Involving Honeypots.DOCX

Deception via honeypots, computers that pretend to be real, may provide effective ways of countering cyberattacks in computer networks. Although prior research has investigated the effectiveness of timing and amount of deception via deception-based games, it is unclear as to how the size of the network (i.e., the number of computer systems in the network) influences adversarial decisions. In this research, using a deception game (DG), we evaluate the influence of network size on adversary’s cyberattack decisions. The DG has two sequential stages, probe and attack, and it is defined as DG (n,k, γ), where n is the number of servers, k is the number of honeypots, and γ is the number of probes that the adversary makes before attacking the network. In the probe stage, participants may probe a few web servers or may not probe the network. In the attack stage, participants may attack any one of the web servers or decide not to attack the network. In a laboratory experiment, participants were randomly assigned to a repeated DG across three different between-subject conditions: small (20 participants), medium (20 participants), and large (20 participants). The small, medium, and large conditions used DG (2, 1, 1), DG (6, 3, 3), and DG (12, 6, 6) games, respectively (thus, the proportion of honeypots was kept constant at 50% in all three conditions). Results revealed that in the small network, the proportions of honeypot and no-attack actions were 0.20 and 0.52, whereas in the medium (large) network, the proportions of honeypot and no-attack actions were 0.50 (0.50) and 0.06 (0.03), respectively. There was also an effect of probing actions on attack actions across all three network sizes. We highlight the implications of our results for networks of different sizes involving deception via honeypots.

欺骗性陷阱作为一种伪装成真实计算机的网络设备，或许能够为对抗计算机网络中的网络攻击提供有效的手段。尽管先前的研究已经探讨了通过欺骗性游戏实现的欺骗时机和程度的有效性，但网络规模（即网络中计算机系统的数量）如何影响对抗方的决策仍不明确。在本研究中，我们通过采用欺骗游戏（DG）的方法，评估了网络规模对攻击方网络攻击决策的影响。欺骗游戏（DG）包含两个连续阶段：探测和攻击，其定义为DG（n,k, γ），其中n代表服务器数量，k代表诱饵机的数量，γ代表攻击方在攻击网络之前进行的探测次数。在探测阶段，参与者可能对少量网络服务器进行探测，也可能不对网络进行探测。在攻击阶段，参与者可能攻击任意一个网络服务器，或者决定不对网络进行攻击。在一个实验室实验中，参与者被随机分配到三个不同的主体间条件下的重复欺骗游戏：小型（20名参与者）、中型（20名参与者）和大型（20名参与者）。小型、中型和大型条件分别使用了DG（2, 1, 1）、DG（6, 3, 3）和DG（12, 6, 6）游戏，其中诱饵机的比例在所有三种条件下均保持恒定，为50%。结果显示，在小规模网络中，诱饵机和未攻击行动的比例分别为0.20和0.52，而在中型（大型）网络中，诱饵机和未攻击行动的比例分别为0.50（0.50）和0.06（0.03）。在所有三种网络规模下，探测行为对攻击行为也产生了影响。我们强调了我们的研究结果对于涉及通过诱饵机进行欺骗的不同规模网络的启示。