Prospect Theoretic Study of Honeypot Defense Against Advanced Persistent Threats in Power Grid

As one of the most critical infrastructure, the power grid has been increasingly threatened by network attacks, especially advanced persistent threats (APTs). APT in the power grid is a continual and stealthy attack that analyzes the interaction between the cyber layer and the physical layer. The existing offensive and defensive processes for power grid using honeypots against APTs are modeled based on full rationality. Therefore, both the attacker and the defender make decisions to maximize their payoffs under full rationality. However, fully rational decisions made by end-users are not always conformed with the real cases, and prospect theory is a typical boundedly rational method to model these deviations. In this study, we propose a subjective APT-honeypot game model to study the offensive and defensive interactions between the attacker and the defender based on the prospect theory. In this model, we protect the power grid bus nodes by deploying honeypots, which consider both low- and high-interaction honeypot modes. We prove the existence of Bayesian-Nash equilibrium strategies in defense and attack strategies under bounded rationality. In addition, we used IEEE-30 Bus system to verify the proposed model in this paper. Experiment results show that bounded rationality affects strategy selection and reduces attacker & x2019;s payoffs.