In this paper, we propose a planning framework that generates a defense strategy against an attacker operating in an environment where the defender can act without the attacker's knowledge. The defender's objective is to covertly guide the attacker into a trap state from which the attacker cannot achieve its goal. Further, the defender is constrained to achieve this within K steps, where K is a pessimistic lower bound on the number of steps within which the attacker is unlikely to suspect a threat in the environment. Such a defense strategy is directly applicable to real-world systems such as honeypots and honeynets, where an unsuspecting attacker interacts with a simulated production system while believing it to be the actual production system. Typically, the interaction between an attacker and a defender is captured using game-theoretic frameworks. Because the attacker is unaware of the defender's actions, our problem formulation allows us to capture it as a much simpler infinite-horizon discounted MDP, whose optimal policy gives the defender's strategy against the attacker's actions. Through empirical evaluation, we show the merits of our problem formulation.
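To make the formulation concrete, here is an added toy example (not the paper's own code or model) of the MDP view described above: the attacker is modelled as a fixed stochastic process over positions in a honeynet, the defender picks a deception action at each position, reaching the trap state earns reward 1, and the K-step constraint is encoded by augmenting the state with a step counter so that the deadline, the trap and the attacker's goal are all absorbing. The topology, action names, transition probabilities, K = 3 and the discount factor are all constructed for illustration; how the paper itself derives K or encodes the deadline is not shown here.

```python
"""Toy deception MDP for a honeynet defender (illustrative, constructed data).

The attacker does not know the defender exists, so its behaviour is a fixed
transition model conditioned only on what the defender shows it.  That is what
lets the problem be solved as a discounted MDP instead of a two-player game.
"""

GAMMA = 0.9      # discount factor of the infinite-horizon MDP (assumed value)
K = 3            # pessimistic step budget before the attacker gets suspicious (assumed)
TRAP, GOAL = "trap", "goal"
POSITIONS = ["entry", "web", "db", "admin", GOAL, TRAP]
ACTIONS = ["observe", "plant_cred", "redirect"]

# TRANSITIONS[(position, defender_action)] -> [(next_position, probability), ...]
# Constructed numbers: e.g. planting a decoy credential on "admin" lures the
# attacker into the trap 80% of the time; "observe" changes nothing visible.
TRANSITIONS = {
    ("entry", "observe"):    [("web", 0.7), ("admin", 0.3)],
    ("entry", "plant_cred"): [("web", 0.4), ("db", 0.6)],
    ("entry", "redirect"):   [("web", 0.9), ("admin", 0.1)],
    ("web", "observe"):      [("db", 0.5), (GOAL, 0.5)],
    ("web", "plant_cred"):   [(TRAP, 0.6), ("db", 0.4)],
    ("web", "redirect"):     [("db", 0.8), (GOAL, 0.2)],
    ("db", "observe"):       [(GOAL, 0.8), ("admin", 0.2)],
    ("db", "plant_cred"):    [(TRAP, 0.5), (GOAL, 0.5)],
    ("db", "redirect"):      [("admin", 0.7), (GOAL, 0.3)],
    ("admin", "observe"):    [(GOAL, 0.9), ("db", 0.1)],
    ("admin", "plant_cred"): [(TRAP, 0.8), (GOAL, 0.2)],
    ("admin", "redirect"):   [(TRAP, 0.3), (GOAL, 0.7)],
}


def value_iteration(gamma=GAMMA, k=K, tol=1e-9):
    """Solve the deadline-augmented MDP by value iteration.

    State = (position, steps_elapsed).  Reward 1 is paid on entering TRAP.
    TRAP, GOAL and steps_elapsed == k are absorbing with value 0: the defender
    has either won, lost, or exhausted its covert step budget K.
    Returns (V, policy) keyed by state; policy is None at absorbing states.
    """
    states = [(p, t) for p in POSITIONS for t in range(k + 1)]
    V = {s: 0.0 for s in states}
    policy = {}
    while True:
        delta = 0.0
        for pos, t in states:
            if pos in (TRAP, GOAL) or t == k:
                policy[(pos, t)] = None
                continue
            best_a, best_q = None, float("-inf")
            for a in ACTIONS:
                q = sum(p * ((1.0 if nxt == TRAP else 0.0) + gamma * V[(nxt, t + 1)])
                        for nxt, p in TRANSITIONS[(pos, a)])
                if q > best_q:          # first action wins ties
                    best_a, best_q = a, q
            delta = max(delta, abs(best_q - V[(pos, t)]))
            V[(pos, t)] = best_q
            policy[(pos, t)] = best_a
        if delta < tol:
            return V, policy


def trap_probability(policy, k=K, start="entry"):
    """Undiscounted probability that the attacker lands in TRAP within k steps
    when the defender follows `policy` (policy evaluation with gamma = 1).
    This is the number an operator cares about; V above is discounted."""
    P = {(p, t): 0.0 for p in POSITIONS for t in range(k + 1)}
    for t in range(k - 1, -1, -1):
        for pos in POSITIONS:
            a = policy[(pos, t)]
            if a is None:
                continue
            P[(pos, t)] = sum(p * (1.0 if nxt == TRAP else P[(nxt, t + 1)])
                              for nxt, p in TRANSITIONS[(pos, a)])
    return P[(start, 0)]


if __name__ == "__main__":
    V, policy = value_iteration()
    for t in range(K):
        for pos in ("entry", "web", "db", "admin"):
            print(f"t={t} {pos:6s} -> {policy[(pos, t)]:10s}  V={V[(pos, t)]:.4f}")
    print(f"P(trap within {K} steps from entry) = {trap_probability(policy):.3f}")
```

Two things the example shows that the abstract does not. First, the deadline matters: at `db` with two steps left the solver prefers `redirect` (send the attacker toward `admin`, then plant the credential there) over the immediately tempting `plant_cred`, but with only one step left it switches to `plant_cred`. Second, the discounted value and the operational success probability are different quantities; discounting favours earlier traps, so check the undiscounted `trap_probability` of the resulting policy rather than reading `V` as a probability.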