摘要:Deception via honeypots, computers that pretend to be real, may provide effective ways of countering cyber-attacks in computer networks. Although prior research has investigated the effectiveness of timing and amount of deception via deception-based games, it is unclear as to how the size of the network (i.e., number of computer systems in the network) influences adversarial decisions. In this research, using a deception game, we evaluate the influence of network size on adversary’s cyber-attack decisions. The deception game has two sequential stages, probe and attack, and it is defined as DG (n, k, γ), where n is the number of servers, k is the number of honeypots, and γ is the number of probes that adversary makes before attacking the network. In the probe stage, participants may probe a few web servers or may not probe the network. In attack the stage, participants may attack any one of the web servers or decide not to attack the network. In a laboratory experiment, participants were randomly assigned to a repeated deception game across three different between-subject conditions: small (20 participants), medium (20 participants), and large (20 participants). The small, medium, and large conditions used DG (2, 1, 1), DG (6, 3, 3), and DG (12, 6, 6) games, respectively (thus, the proportion of honeypots was kept constant at 50% in all three conditions). Results revealed that in the small network, the proportion of honeypot and no-attack actions were 0.20 and 0.52; whereas, in the medium (large) network, the proportion of honeypot and no-attack actions were 0.50 (0.50) and 0.06 (0.03), respectively. There was also an effect of probing actions on attack actions across all three network sizes. We highlight the implications of our results for networks of different sizes involving deception via honeypots.
