Coordinated Multi-Domain Deception: A Stackelberg Game Approach
Md Abu Sayed, Asif Rahman, Ahmed Hemida, Christopher Kiekintveld, Charles Kamhoua
TL;DR
The paper tackles cross-domain deception in cyber-physical systems by modeling attacker–defender interactions as a Stackelberg game, with the defender as the leader deploying cyber and physical replicas to mislead reconnaissance. It introduces a CVE-based utility framework using CVSS v2/v3 scores derived from NVD data and solves for the Stackelberg equilibrium via a Mixed-Integer Quadratic Program (MIQP), enabling identification of the most strategically critical vulnerabilities. The defender and attacker utilities are formulated as $U^d = A_d^T R_d A_a$ and $U^a = A_d^T R_a A_a$, with vulnerability exploitation probabilities computed from $Pr(i)$ and $Pr(j)$, respectively. Results show that coordinated multilayer deception significantly improves defender utility over single-layer strategies and baseline policies, and the method can pinpoint high-impact CVEs (e.g., $a_1$ under CVSS v2 and $a_5$ under CVSS v3) for targeted mitigation, offering a scalable approach to strengthening CPS resilience under cross-domain threats.
Abstract
This paper explores coordinated deception strategies by synchronizing defenses across coupled cyber and physical systems to mislead attackers and strengthen defense mechanisms. We introduce a Stackelberg game framework to model the strategic interaction between defenders and attackers, where the defender leverages CVSS-based exploit probabilities and real-world vulnerability data from the National Vulnerability Database (NVD) to guide the deployment of deception. Cyber and physical replicas are used to disrupt attacker reconnaissance and enhance defensive effectiveness. We propose a CVE-based utility function to identify the most critical vulnerabilities and demonstrate that coordinated multilayer deception outperforms single-layer and baseline strategies in improving defender utility across both CVSS versions.
