Cyber deception raises the attacker's cost during reconnaissance and the other early phases of an intrusion. In the past, numerous cyber deception methods have been adopted, such as IP address randomization and the creation of honeypots and honeynets that mimic a real set of services and networks deployed within an enterprise or operational technology (OT) network. These strategies follow naive approaches of recreating services, which are expensive and require a great deal of human intervention. The advent of cloud services and other automation of containerized applications, such as Kubernetes, makes cyber defense easier. Yet there remains considerable potential to improve the accuracy of these deception strategies and to make them cost-effective using artificial intelligence (AI)-based solutions that make the deception more dynamic. Hence, in this work, we review various AI-based solutions for building network- and device-level cyber deception methods in contested environments. Specifically, we focus on leveraging the fusion of large language models (LLMs) and reinforcement learning (RL) to learn these cyber deception strategies optimally, and on validating the efficacy of such strategies against some of the stealthy attacks on OT systems reported in the literature.