Adversarial reconnaissance is a crucial step in sophisticated cyber-attacks as it enables threat actors to find the weakest points of otherwise well-defended systems. To thwart reconnaissance, defenders can employ cyber deception techniques, such as deploying honeypots. In recent years, researchers have made great strides in developing game-theoretic models to find optimal deception strategies. However, most of these game-theoretic models build on relatively simple models of adversarial reconnaissance -- even though reconnaissance should be a focus point as the very purpose of deception is to thwart reconnaissance. In this paper, we first discuss effective cyber reconnaissance mitigation techniques including deception strategies and beyond. Then we provide a review of the literature on deception games from the perspective of modeling adversarial reconnaissance, highlighting key aspects of reconnaissance that have not been adequately captured in prior work. We then describe a probability-theory based model of the adversaries' belief formation and illustrate using numerical examples that this model can capture key aspects of adversarial reconnaissance. We believe that our review and belief model can serve as a stepping stone for developing more realistic and practical deception games.

翻译：对抗性侦察是高级网络攻击中的关键步骤，它使威胁行为者能够找到其他方面防御严密的系统的最薄弱环节。为了挫败侦察，防御者可以采用网络欺骗技术，例如部署蜜罐。近年来，研究人员在开发博弈论模型以寻找最优欺骗策略方面取得了长足进步。然而，这些博弈论模型大多建立在相对简单的对抗性侦察模型之上——尽管侦察应作为重点，因为欺骗的根本目的就是挫败侦察。本文首先讨论了有效的网络侦察缓解技术，包括欺骗策略及其他方法。然后，我们从对抗性侦察建模的角度对欺骗博弈相关文献进行了综述，重点指出了先前研究中未能充分捕捉的侦察关键方面。接着，我们描述了一个基于概率论的对手信念形成模型，并通过数值示例说明该模型能够捕捉对抗性侦察的关键方面。我们相信，本综述及信念模型可作为开发更现实、更实用的欺骗博弈的基石。