AARF: Autonomous Attack Response Framework for Honeypots to Enhance Interaction Based on Multi-Agent Dynamic Game

Le Wang, Jianyu Deng, Haonan Tan, Yinghui Xu, Junyi Zhu, Zhiqiang Zhang, Zhaohua Li, Rufeng Zhan and Zhaoquan Gu
Additional contact information
Le Wang: Cyberspace Institute of Advanced Technology, Guangzhou University, Guangzhou 510006, China
Jianyu Deng: Cyberspace Institute of Advanced Technology, Guangzhou University, Guangzhou 510006, China
Haonan Tan: Cyberspace Institute of Advanced Technology, Guangzhou University, Guangzhou 510006, China
Yinghui Xu: Cyberspace Institute of Advanced Technology, Guangzhou University, Guangzhou 510006, China
Junyi Zhu: Cyberspace Institute of Advanced Technology, Guangzhou University, Guangzhou 510006, China
Zhiqiang Zhang: School of Computer Science and Technology, Harbin Institute of Technology (Shenzhen), Shenzhen 518055, China
Zhaohua Li: Shenzhen Institute for Advanced Study, University of Electronic Science and Technology of China, Shenzhen 518000, China
Rufeng Zhan: Cyberspace Institute of Advanced Technology, Guangzhou University, Guangzhou 510006, China
Zhaoquan Gu: Department of New Networks, Peng Cheng Laboratory, Shenzhen 518055, China

Mathematics, 2024, vol. 12, issue 10, 1-20

Abstract: Highly interactive honeypots can form reliable connections by responding to attackers to delay and capture intranet attacks. However, current research focuses on modeling the attacker as part of the environment and defining single-step attack actions by simulation to study the interaction of honeypots. It ignores the iterative nature of the attack and defense game, which is inconsistent with the correlative and sequential nature of actions in real attacks. These limitations lead to insufficient interaction of the honeypot response strategies generated by the study, making it difficult to support effective and continuous games with attack behaviors. In this paper, we propose an autonomous attack response framework (named AARF) to enhance interaction based on multi-agent dynamic games. AARF consists of three parts: a virtual honeynet environment, attack agents, and defense agents. Attack agents are modeled to generate multi-step attack chains based on a Hidden Markov Model (HMM) combined with the generic threat framework ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge). The defense agents iteratively interact with the attack behavior chain based on reinforcement learning (RL) to learn to generate honeypot optimal response strategies. Aiming at the sample utilization inefficiency problem of random uniform sampling widely used in RL, we propose the dynamic value label sampling (DVLS) method in the dynamic environment. DVLS can effectively improve the sample utilization during the experience replay phase and thus improve the learning efficiency of honeypot agents under the RL framework. We further couple it with a classic DQN to replace the traditional random uniform sampling method. Based on AARF, we instantiate different functional honeypot models for deception in intranet scenarios. In the simulation environment, honeypots collaboratively respond to multi-step intranet attack chains to defend against these attacks, which demonstrates the effectiveness of AARF. The average cumulative reward of the DQN with DVLS is beyond eight percent, and the convergence speed is improved by five percent compared to a classic DQN.

Keywords: honeypot; interaction; multi-agent; attack chain; value label sampling; reinforcement learning
JEL-codes: C
Date: 2024
Downloads: (external link)
https://www.mdpi.com/2227-7390/12/10/1508/pdf (application/pdf)
https://www.mdpi.com/2227-7390/12/10/1508/ (text/html)

Persistent link: https://EconPapers.repec.org/RePEc:gam:jmathe:v:12:y:2024:i:10:p:1508-:d:1392965

Mathematics is currently edited by Ms. Emma He

Bibliographic data for series maintained by MDPI Indexing Manager.

Page updated 2025-03-19
Handle: RePEc:gam:jmathe:v:12:y:2024:i:10:p:1508-:d:1392965