How to stop cyber-attacks with honeypots

Award-winning insights on cyber defence strategies

Samuel Lavebrink and Madeleine Lindström are studying the Master's programme Machine Learning.

Published Feb 13, 2024

In the ever-evolving landscape of cyber warfare, defending against human-controlled cyberattacks requires innovative strategies. A recent study conducted by students at KTH delves into the realm of cyber defence, explicitly focusing on the placement of honeypots – deceptive traps designed to mislead potential attackers. This investigation aims to shed light on cyberspace's most effective defence strategies.

In a groundbreaking bachelor's thesis on strategies for bluffing games in cyberspace, students Samuel and Madeleine, in collaboration with the Swedish Defence Research Agency (FOI) and supervisor Joel Brynielsson, have recently received the "Best Paper" award at the FOSINT-SI 2023 conference.

“This achievement has not only highlighted the importance of our research but also created new opportunities and directions for our future cybersecurity careers,“ Madeleine says.

To defend against information-seeking cyberattacks, honeypots appear valuable targets within an organisation. The key lies in deceiving attackers by strategically placing honeypots. The study simulated different defence algorithms in a game to analyse their effectiveness in deceiving attackers. Based on game theory, the game portrayed a zero-sum scenario where the defender's gain equates to the attacker's loss.

“As cyberattacks surge, cyber defence becomes complex, often overshadowed by the attacker's advantage of pinpointing a single vulnerable point. The report emphasises the role of artificial intelligence (AI) in cyber defence despite the challenges of adapting to evolving threats”, Samuel says.

The study involved 124 KTH students playing against six defence strategies using HoneyGame. In this game, defence algorithms strategically placed honeypots on different nodes, and players aimed to maximise points by evading honeypots. Strategies with adaptability and randomness proved superior, with Learning with Linear Rewards standing out as the most effective algorithm.

The research article

Comparison of Strategies for Honeypot Deployment

“The findings contribute valuable insights to the ongoing battle for cyber defence in an era where the stakes have never been higher”, Madeleine says.

For Samuel and Madeleine, this success represents a recognised achievement and new opportunities for future career choices. With a growing interest in cybersecurity, they have now received offers to continue working on the project and write their theses with FOI. This future investment in cybersecurity opens doors to exciting opportunities and long-term involvement in the field.

Text & photo: Charlotta Alnersson

Related news