{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,3]],"date-time":"2026-05-03T11:00:59Z","timestamp":1777806059207,"version":"3.51.4"},"reference-count":49,"publisher":"SAGE Publications","issue":"5","license":[{"start":{"date-parts":[[2018,5,7]],"date-time":"2018-05-07T00:00:00Z","timestamp":1525651200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/journals.sagepub.com\/page\/policies\/text-and-data-mining-license"}],"content-domain":{"domain":["journals.sagepub.com"],"crossmark-restriction":true},"short-container-title":["Journal of Computer Security"],"published-print":{"date-parts":[[2018,8,9]]},"abstract":"<jats:p>Most past work on honeypots has made two assumptions: (i) they assume that the only defensive measure used is a honeypot mechanism, and (ii) they do not consider both rational and subrational adversaries and do not reason with an adversary model when placing honeypots. However, real-world system security officers use a mix of instruments such as traditional defenses (e.g. firewalls, intrusion detection systems), and honeypots form only one portion of the strategy. Moreover, the placement of traditional defenses and honeypots cannot be done independently. In this paper, we consider a Stackelberg-style game situation where the defender models the attacker and uses that model to identify the best placement of traditional defenses and honeypots. We provide a formal definition of undamaged asset value (i.e. the value that is not compromised by the attacker) under a given defensive strategy and show that the problem of finding the best placement so as to maximize undamaged asset value is NP-hard. We propose a greedy algorithm and show via experiments, both on real enterprise networks and on ones generated by the well-known network simulation tool NS-2, that our algorithm quickly computes near optimal placements. As such, our method is both practical and effective.<\/jats:p>","DOI":"10.3233\/jcs-171094","type":"journal-article","created":{"date-parts":[[2018,5,8]],"date-time":"2018-05-08T14:41:23Z","timestamp":1525790483000},"page":"615-645","update-policy":"https:\/\/doi.org\/10.1177\/sage-journals-update-policy","source":"Crossref","is-referenced-by-count":2,"title":["Hybrid adversarial defense: Merging honeypots and traditional security methods"],"prefix":"10.1177","volume":"26","author":[{"given":"Tanmoy","family":"Chakraborty","sequence":"first","affiliation":[{"name":"Computer Science and Engineering Department, Indraprastha Institute of Information Technology at Delhi, India. E-mail:\u00a0"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Sushil","family":"Jajodia","sequence":"additional","affiliation":[{"name":"Center for Secure Information Systems, George Mason University at Fairfax, VA, USA. E-mail:\u00a0"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Noseong","family":"Park","sequence":"additional","affiliation":[{"name":"Software and Information Systems Department, University of North Carolina at Charlotte, NC, USA. E-mail:\u00a0"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Andrea","family":"Pugliese","sequence":"additional","affiliation":[{"name":"DIMES Department, University of Calabria, Italy. E-mail:\u00a0"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Edoardo","family":"Serra","sequence":"additional","affiliation":[{"name":"Computer Science Department, Boise State University, ID, USA. E-mail:\u00a0"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"V.S.","family":"Subrahmanian","sequence":"additional","affiliation":[{"name":"Computer Science Department, Dartmouth College, NH, USA. E-mail:\u00a0"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"179","published-online":{"date-parts":[[2018,5,7]]},"reference":[{"key":"ref001","doi-asserted-by":"crossref","unstructured":"F.H.\u00a0Abbasi, R.J.\u00a0Harris, G.\u00a0Moretti, A.\u00a0Haider and N.\u00a0Anwar, Classification of malicious network streams using honeynets, in: GLOBECOM, 2012.","DOI":"10.1109\/GLOCOM.2012.6503226"},{"key":"ref002","doi-asserted-by":"crossref","unstructured":"L.\u00a0Ablon, M.C.\u00a0Libicki and A.A.\u00a0Golay, Markets for Cybercrime Tools and Stolen Data: Hackers\u2019 Bazaar, RAND Corporation, 2014.","DOI":"10.7249\/RR610"},{"key":"ref003","doi-asserted-by":"crossref","unstructured":"P.\u00a0Aggarwal, Z.\u00a0Maqbool, A.\u00a0Grover, V.\u00a0Pammi, S.\u00a0Singh and V.\u00a0Dutt, Cyber security: A game-theoretic analysis of defender and attacker strategies in defacing-website games, in: CyberSA, 2015.","DOI":"10.1109\/CyberSA.2015.7166127"},{"key":"ref004","unstructured":"E.S.\u00a0Al-Shaer and H.H.\u00a0Hamed, Discovery of policy anomalies in distributed firewalls, in: INFOCOM, 2004."},{"key":"ref005","doi-asserted-by":"crossref","unstructured":"M.\u00a0Bercovitch, M.\u00a0Renford, L.\u00a0Hasson, A.\u00a0Shabtai, L.\u00a0Rokach and Y.\u00a0Elovici, HoneyGen: An automated honeytokens generator, in: ISI, 2011.","DOI":"10.1109\/ISI.2011.5984063"},{"key":"ref006","doi-asserted-by":"publisher","DOI":"10.1016\/S1353-4858(14)70040-6"},{"key":"ref007","doi-asserted-by":"publisher","DOI":"10.1002\/sec.619"},{"key":"ref008","doi-asserted-by":"publisher","DOI":"10.2307\/2331357"},{"key":"ref009","doi-asserted-by":"publisher","DOI":"10.1016\/j.apal.2009.01.012"},{"key":"ref010","doi-asserted-by":"crossref","unstructured":"A.\u00a0Clark, K.\u00a0Sun, L.\u00a0Bushnell and R.\u00a0Poovendran, A game-theoretic approach to IP address randomization in decoy-based cyber defense, in: GameSec, 2015.","DOI":"10.1007\/978-3-319-25594-1_1"},{"key":"ref011","doi-asserted-by":"crossref","unstructured":"W.R.\u00a0Claycomb, Detecting insider threats: Who is winning the game? in: International Workshop on Managing Insider Security Threats, 2015.","DOI":"10.1145\/2808783.2808794"},{"key":"ref012","doi-asserted-by":"crossref","unstructured":"R.\u00a0Dewri, N.\u00a0Poolsappasit, I.\u00a0Ray and D.\u00a0Whitley, Optimal security hardening using multi-objective optimization on attack tree models of networks, in: CCS, 2007.","DOI":"10.1145\/1315245.1315272"},{"key":"ref013","doi-asserted-by":"publisher","DOI":"10.1007\/s10207-012-0160-y"},{"key":"ref014","doi-asserted-by":"publisher","DOI":"10.1111\/j.1365-2575.2006.00219.x"},{"key":"ref015","unstructured":"M.R.\u00a0Garey and D.S.\u00a0Johnson, Computers and Intractability: A Guide to the Theory of NP-Completeness, W. H. Freeman & Co., New York, NY, USA, 1979."},{"key":"ref016","unstructured":"R.\u00a0Grimes, Why patching is still a problem\u00a0\u2013 and how to fix it,\n                      CSO Magazine\n                      (2016). http:\/\/www.csoonline.com\/article\/3025807\/data-protection\/why-patching-is-still-a-problem-and-how-to-fix-it.html."},{"key":"ref017","doi-asserted-by":"crossref","unstructured":"Z.\u00a0Han, N.\u00a0Marina, M.\u00a0Debbah and A.\u00a0Hj\u00f8rungnes, Physical layer security game: How to date a girl with her boyfriend on the same table, in: GameNets, 2009.","DOI":"10.1109\/GAMENETS.2009.5137412"},{"key":"ref018","doi-asserted-by":"crossref","unstructured":"T.\u00a0Issariyakul and E.\u00a0Hossain, Introduction to Network Simulator NS2, Springer Publishing Company, Incorporated, 2008.","DOI":"10.1007\/978-0-387-71760-9"},{"key":"ref019","doi-asserted-by":"crossref","unstructured":"S.\u00a0Jajodia, S.\u00a0Noel, P.\u00a0Kalapa, M.\u00a0Albanese and J.\u00a0Williams, Cauldron: Mission-centric cyber situational awareness with defense in depth, in: MILCOM, 2011.","DOI":"10.1109\/MILCOM.2011.6127490"},{"key":"ref020","doi-asserted-by":"crossref","unstructured":"S.\u00a0Jajodia, P.\u00a0Shakarian, V.S.\u00a0Subrahmanian, V.\u00a0Swarup and C.\u00a0Wang (eds), Cyber Warfare\u00a0\u2013 Building the Scientific Foundation, Advances in Information Security, Vol.\u00a056, Springer, 2015.","DOI":"10.1007\/978-3-319-14039-1"},{"key":"ref021","doi-asserted-by":"crossref","unstructured":"R.L.\u00a0Keeney, Value-Focused Thinking: A Path to Creative Decisionmaking, Harvard University Press, 1996.","DOI":"10.2307\/j.ctv322v4g7"},{"key":"ref022","doi-asserted-by":"publisher","DOI":"10.1016\/0377-2217(96)00004-5"},{"key":"ref023","doi-asserted-by":"crossref","unstructured":"C.\u00a0Kiekintveld, V.\u00a0Lis\u00fd and R.\u00a0P\u00edbil, Game-theoretic foundations for the strategic use of honeypots in network security, in: Cyber Warfare\u00a0\u2013 Building the Scientific Foundation, 2015, pp.\u00a081\u2013101.","DOI":"10.1007\/978-3-319-14039-1_5"},{"key":"ref024","doi-asserted-by":"crossref","unstructured":"A.\u00a0Kim and M.H.\u00a0Kang, Determining Asset Criticality for Cyber Defense, 2011, www.dtic.mil\/cgi-bin\/GetTRDoc?AD=ADA550373.","DOI":"10.21236\/ADA550373"},{"key":"ref025","doi-asserted-by":"publisher","DOI":"10.1061\/(ASCE)0733-9496(2008)134:6(516)"},{"key":"ref026","doi-asserted-by":"crossref","unstructured":"R.P.\u00a0Lippmann, J.F.\u00a0Riordan, T.H.\u00a0Yu and K.K.\u00a0Watson, Continuous Security Metrics for Prevalent Network Threats: Introduction and First Four Metrics, Technical Report, MIT Lincoln Laboratory, 2012.","DOI":"10.21236\/ADA565825"},{"key":"ref027","doi-asserted-by":"crossref","unstructured":"K.J.R.\u00a0Liu and B.\u00a0Wang, Cognitive Radio Networking and Security: A Game-Theoretic View, Cambridge University Press, New York, NY, USA, 2010. doi:10.1017\/CBO9780511778773.","DOI":"10.1017\/CBO9780511778773"},{"key":"ref028","doi-asserted-by":"publisher","DOI":"10.1016\/0167-4048(93)90029-5"},{"key":"ref029","doi-asserted-by":"publisher","DOI":"10.1007\/s10207-004-0060-x"},{"key":"ref030","doi-asserted-by":"crossref","unstructured":"M.H.\u00a0Manshaei, Q.\u00a0Zhu, T.\u00a0Alpcan, T.\u00a0Bac\u015far and J.P.\u00a0Hubaux, Game theory meets network security and privacy, ACM Comput. Surv. 45(3) (2013), 25.","DOI":"10.1145\/2480741.2480742"},{"key":"ref031","doi-asserted-by":"crossref","unstructured":"P.\u00a0Mell, T.\u00a0Bergeron and D.\u00a0Henning, Creating a Patch and Vulnerability Management Program, NIST Sp. Publ. 800-40, Version 2.0, 2005.","DOI":"10.6028\/NIST.SP.800-40ver2"},{"key":"ref032","unstructured":"MITRE, Common Weakness Scoring System (CWSS\u2122), 2016, http:\/\/cwe.mitre.org\/cwss."},{"key":"ref033","doi-asserted-by":"publisher","DOI":"10.1007\/BF01588971"},{"key":"ref034","unstructured":"NIST, National Vulnerability Database, 2016, http:\/\/nvd.nist.gov."},{"key":"ref035","doi-asserted-by":"publisher","DOI":"10.1145\/354876.354878"},{"key":"ref036","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2011.34"},{"key":"ref037","unstructured":"F.\u00a0Pouget and M.\u00a0Dacier, Honeypot, Honeynet: A comparative survey, in: Institut Eurecom, 2003."},{"key":"ref038","doi-asserted-by":"crossref","unstructured":"M.\u00a0Rasouli, E.\u00a0Miehling and D.\u00a0Teneketzis, A supervisory control approach to dynamic cyber-security, in: GameSec, 2014.","DOI":"10.1007\/978-3-319-12601-2_6"},{"key":"ref039","doi-asserted-by":"crossref","unstructured":"M.\u00a0Raya, M.H.\u00a0Manshaei, M.\u00a0F\u00e9legyhazi and J.P.\u00a0Hubaux, Revocation games in ephemeral networks, in: CCS, 2008.","DOI":"10.1145\/1455770.1455797"},{"key":"ref040","unstructured":"T.\u00a0Schelling, The Strategy of Conflict, Harvard University Press, 1992."},{"key":"ref041","doi-asserted-by":"crossref","unstructured":"E.\u00a0Serra, S.\u00a0Jajodia, A.\u00a0Pugliese, A.\u00a0Rullo and V.S.\u00a0Subrahmanian, Pareto-optimal adversarial defense of enterprise systems, ACM Trans. Inf. Syst. Secur. 17(3) (2015), 11. doi:10.1145\/2699907.","DOI":"10.1145\/2699907"},{"key":"ref042","doi-asserted-by":"crossref","unstructured":"A.\u00a0Shabtai, Y.\u00a0Elovici and L.\u00a0Rokach, Data leakage detection\/prevention solutions, in: A Survey of Data Leakage Detection and Prevention Solutions, Springer, 2012, pp.\u00a017\u201337. doi:10.1007\/978-1-4614-2053-8_4.","DOI":"10.1007\/978-1-4614-2053-8_4"},{"key":"ref043","doi-asserted-by":"crossref","unstructured":"P.\u00a0Shakarian, D.\u00a0Paulo, M.\u00a0Albanese and S.\u00a0Jajodia, Keeping intrudors at large: A graph-theoretic approach to reducing the probability of successful network intrusions, in: SECRYPT, 2014.","DOI":"10.5220\/0005013800190030"},{"key":"ref044","doi-asserted-by":"crossref","unstructured":"G.F.\u00a0Stocco and G.\u00a0Cybenko, Exploiting adversary\u2019s risk profiles in imperfect information security games, in: GameSec, 2011.","DOI":"10.1007\/978-3-642-25280-8_4"},{"key":"ref045","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2012.2202228"},{"key":"ref046","doi-asserted-by":"crossref","unstructured":"G.\u00a0Yan, Y.\u00a0Kucuk, M.\u00a0Slocum and D.C.\u00a0Last, A Bayesian cogntive approach to quantifying software exploitability based on reachability testing, in: ISC, 2016.","DOI":"10.1007\/978-3-319-45871-7_21"},{"key":"ref047","doi-asserted-by":"publisher","DOI":"10.1007\/s11219-015-9274-6"},{"key":"ref048","doi-asserted-by":"crossref","unstructured":"Y.\u00a0Zhang and B.A.\u00a0Prakash, DAVA: Distributing vaccines over networks under prior information, in: ICDM, 2014.","DOI":"10.1137\/1.9781611973440.6"},{"key":"ref049","doi-asserted-by":"crossref","unstructured":"Q.\u00a0Zhu, H.\u00a0Li, Z.\u00a0Han and T.\u00a0Basar, A stochastic game model for jamming in multi-channel cognitive radio systems, in: ICC, 2010.","DOI":"10.1109\/ICC.2010.5502451"}],"container-title":["Journal of Computer Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/journals.sagepub.com\/doi\/pdf\/10.3233\/JCS-171094","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/journals.sagepub.com\/doi\/full-xml\/10.3233\/JCS-171094","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/journals.sagepub.com\/doi\/pdf\/10.3233\/JCS-171094","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,4,29]],"date-time":"2026-04-29T20:45:13Z","timestamp":1777495513000},"score":1,"resource":{"primary":{"URL":"https:\/\/journals.sagepub.com\/doi\/10.3233\/JCS-171094"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2018,5,7]]},"references-count":49,"journal-issue":{"issue":"5","published-print":{"date-parts":[[2018,8,9]]}},"alternative-id":["10.3233\/JCS-171094"],"URL":"https:\/\/doi.org\/10.3233\/jcs-171094","relation":{},"ISSN":["0926-227X","1875-8924"],"issn-type":[{"value":"0926-227X","type":"print"},{"value":"1875-8924","type":"electronic"}],"subject":[],"published":{"date-parts":[[2018,5,7]]}}}