A Two-Stage Deception Game for Network Defense

Computer network is always under the threat of adversaries. Before launching any real attacks, adversaries may scan and probe the systems to gain some key information. In this paper, we build a two-stage deception game to determine how to answer attackers' scan and probe queries to minimize defender's expected loss. To achieve optimal defense strategy, a sophisticated mixed integer program is formulated. To support fast computation in reality, a two-stage heuristic method is also developed based on the problem's structural properties. Computational experiment shows that after scanning the whole network, adversary's probe against some hosts and how such probe is responded have significant influences on defender's expected loss. Our heuristic method is able to produce high quality solutions with a drastically improved computational performance.