Araujo, Frederico; Sengupta, Sailik; Jang, Jiyong; Doupé, Adam; Hamlen, Kevin; Kambhampati, Subbarao

2020-12-24
2020-12-24
2021-01-05
978-0-9981331-4-0
http://hdl.handle.net/10125/70856

Determined cyber adversaries often strategize their attacks by carefully selecting high-value target machines that host insecure (e.g., unpatched) legacy software. In this paper, we propose a moving-target approach to thwart and countersurveil such adversaries, wherein live (non-decoy) enterprise software services are automatically modified to deceptively emulate vulnerable legacy versions that entice attackers. A game-theoretic framework chooses which emulated software stacks, versions, configurations, and vulnerabilities yield the best defensive payoffs and most useful threat data given a specific attack model. The results show that effective movement strategies can be computed to account for pragmatic aspects of deception, such as the utility of various intelligence-gathering actions, impact of vulnerabilities, performance costs of patch deployment, complexity of exploits, and attacker profile.

10 pages
English
Attribution-NonCommercial-NoDerivatives 4.0 International
Cyber Deception and Cyber Psychology for Defense
agility; cyberdeception; game theory; security engineering; software security
Software Deception Steering through Version Emulation
10.24251/HICSS.2021.243