Honeypots have been widely used in the security community to understand the cyber threat landscape, for example to study unauthorized penetration attempts targeting industrial cyber-physical systems (ICPS) and observing the behaviors in such activities. However, some better-resourced cyber attackers may attempt to identify honeypots and develop strategies to compromise them, aka anti-honeypot. In this paper, we present an anti-honeypot enabled optimal attack strategy for ICPS, by employing a novel game-theoretical approach. Specifically, the interactions between the attacker and ICPS defender are captured with a proposed hybrid signaling and repeated game, i.e., a non-cooperative two-player one-shot game with incomplete information. By taking into account both various possible defenses of an ICPS and diverse offensive acts of attackers, a Nash equilibrium is derived, which exhibits an optimal attack strategy for attackers with varying technical sophistication. Extensive simulation experiments on multiple test cases demonstrate that, the derived strategy offers the attackers an optimal tactic to compromise the target ICPS protected by honeypots, while having only incomplete knowledge of the defensive mechanisms.

中文翻译：

---

工业网络物理系统的启用反蜜罐的最佳攻击策略

蜜罐已在安全社区中广泛用于了解网络威胁状况，例如研究针对工业网络物理系统（ICPS）的未经授权的渗透尝试并观察此类活动的行为。但是，一些资源更丰富的网络攻击者可能会尝试识别蜜罐并制定策略（也称为反蜜罐）来攻陷它们。在本文中，我们通过采用一种新颖的博弈论方法，提出了一种针对ICPS的启用反火锅的最佳攻击策略。具体地说，攻击者和ICPS防御者之间的交互是通过提出的混合信令和重复游戏（即具有不完整信息的非合作两人一枪游戏）捕获的。考虑到针对ICPS的各种可能的防御措施以及攻击者的各种进攻行为，得出纳什均衡，它显示了针对具有不同技术复杂程度的攻击者的最佳攻击策略。在多个测试案例上进行的广泛仿真实验表明，该派生策略为攻击者提供了一种最佳策略，可以攻陷受蜜罐保护的目标ICPS，而对防御机制的了解却不完整。