Research On Game Theory For Mimicry Honeypot Strategies

With the widely used of the Internet and information age coming, network security isincreasingly concerned. The openness of the internet, various software vulnerabilities andpeople’s weak consciousness of security resulted in the new unknown attack. These issuesbring huge challenge for network security. Honeypot is an active defense means, whichchanged the previous prevention technology that the attackers exist in the dark side while theserver in the bright. Defenders are no longer passive defense for aggressive behavior. Thetraditional static honeypot has limitations on the cyber defense. So, dynamic honeypot andfake honeypot have appeared.In this paper, firstly, we summarize the honeypot technology. In particular, dynamichoneypot and anti-honeypot are discussed in detailed. According to the traditional honeypot"namely broken namely failure" features, now, the research of honeypot mainly focuses on itsdynamism, to some extent, improves the confusion of the honeypot. However, honeypot isstill a passive defense method on perceiving the change of network service and characteristicupdating. The deployment and detection of honeypot still exists many bottleneck problems.In the nature, Mimicry phenomenon underwent the "natural selection, adaptiveevolution" validation, the evolution automatically adapted to the surrounding environment hasimportant reference significance for network security protection. The existing honeypot is notenough insufficient in network confrontation. Inspired by the mimicry phenomenon, thispaper proposed the concept of Mimicry Honeypot, which evolved and played the rival gameby using the protective coloration and warning coloration mechanism. While protectivecoloration simulates the service environment and warning coloration simulates the features ofhoneypot. The attackers can be effectively puzzled and lured in the network confrontation.This issue gives the definition of the protective coloration and warning coloration forcyber defense. Then, we build and formalize a mimicry honeypot model. The demonstrationof twisting mechanism is key point and research purport. The game theory and characteristic is introduced in offensive and defensive network decoy. And, related game models wereanalyzed. The paper gives the formalization description of both players’strategies and payoffsin the mimicry honeypot game, and constructs the payoff matrix of the fraudulent game usingnon-cooperative and incomplete dynamic game theory. Then the equilibrium strategies andthe equilibrium conditions are inferred. The equilibrium conditions and relative factors arediscussed in detail, and the comparison to traditional honeypot is also performed. Thetheoretic analysis depicts the effective condition for protective coloration and warningcoloration mechanism in the fraudulent game, and demonstrates that the mimicry honeypothas better activeness, efficiency and fraudulence than the traditional scheme.Finally, we design and realize NS2simulation model of mimicry honeypot. Someexperiment is carried out to test its performance, which contains two aspects: one is thatprotective coloration and warning coloration how to switch in the different attack probability.The other is that different combination of services how to influence the lure performance. Wetest the effectiveness of the mimicry honeypot using NS2simulator.