Strategies of Honeypot Placement in Cyberspace

Abstract: In order to improve cyber security and deceive potential attackers, strategies forcyber defense must be developed and continuously improved. The purpose of thisarticle was to investigate how to protect an organization against cyberattackscontrolled by humans. This was done by comparing six defense strategies anddetermine which strategy is best at deceiving a potential attacker. The strategies were analyzed using a game called HoneyGame where the defensealgorithms place traps, so called honeypots, on different nodes. The players chose toattack one of six nodes during each round, earning points for evading honeypots andlosing points for encountering them. The players' goal is to get as many points aspossible. The performance of each strategy and the behavior of the attacker were bothinvestigated. In the study, it is concluded that strategies that are adaptive or incorporate somedegree of randomness perform best against a potential attacker. These turned out tobe the most difficult for attackers to figure out over time. The strategies that appearedstatic were quickly outsmarted by the players, learning which nodes to attack.Learning with Linear Rewards is concluded to be the best algorithm.