Deception by Design: Evidence-Based Signaling Games for Network Defense

Deception plays a critical role in the financial industry, online markets, national defense, and countless other important areas. Understanding and harnessing deception, especially in cyberspace, is both crucial and difficult. Recent efforts have studied deception through the lens of game theory, which enables studying the roles of incentives and rationality, and making verifiable predictions. In this paper, we go beyond equilibrium analysis and use a mechanism design perspective in order to engineer solutions to realistic problems. Specifically, we study how the use of honeypots for network defense changes when adversaries gain the ability to detect evidence of honeypots. We analyze two game models: cheap-talk games and an augmented version of those games which we call cheap-talk games with evidence. Using those models, we show how network defenders can design exogenous factors such as the number of honeypots in a system and the cost at which compromised network computers in order to respond to the advent of honeypot-detecting technology and continue to achieve desired levels of utility. Our first contribution is the model that we develop for evidence-based signaling games, and the analysis of how this model includes models of traditional signaling games and complete information games as special cases. The other contributions include a numerical demonstration showing that deception detection causes pure-strategy equilibria to fail to be supported under certain conditions, and a surprising result that the development by the receiver of the ability to detect deception could actually increase the utility of a possibly-deceptive sender. These results have concrete implications for network defense through honeypot deployment. But they are also general enough to apply to the large and critical body of strategic interactions that involve deception.