This study addresses the question whether model knowledge can prevent a defender from being deceived or not in cyber security. As a specific model-based defense scheme, this study treats Bayesian defense mechanism, which monitors the system's behavior, forms a belief on existence of the attacker, and chooses appropriate reactions. Sophisticated attackers aim at achieving her objective while avoiding being detected by deceiving the defender. In this paper, their dynamic decision making is formulated as a stochastic signaling game. It is revealed that the belief on the true scenario has a limit in a stochastic sense at an equilibrium based on martingale analysis. This fact implies that there are only two possible cases: the defender asymptotically detects the attack with a firm belief or the attacker takes actions such that the system's behavior becomes nominal after a certain finite time step. Consequently, if the dynamics admits no stealthy attacks, the system is guaranteed to be secure in an asymptotic manner provided that effective countermeasures are implemented. The result concludes that model knowledge can prevent deception in an asymptotic sense. As an application of the finding, a defensive deception utilizing asymmetric recognition on vulnerabilities exploited by the attacker is analyzed. It is shown that, the attacker possibly stops the attack even if the defender is unaware of the vulnerabilities as long as the defender's unawareness is concealed by the defensive deception. Those results indicate the powerful defense capability achieved by model knowledge.
View on arXiv