Markov Decision Process for Modeling Social Engineering Attacks and Finding Optimal Attack Strategies

This paper emphasizes the importance of understanding an attacker's behavior and capabilities to enhance security measures. Attackers often engage in reconnaissance, gathering sensitive information before launching attacks. Social engineering, drawing from deception theory, is a potent approach for collecting such data. The paper employs a Markov Decision Process (MDP) to model attacker states and their decisions regarding deception attacks. The study explores cooperation and deception costs in attacker decision-making. The findings reveal that the optimal strategy for truthfulness or deceit depends on the cost of deception and the attacker's risk tolerance. When cooperation costs are low, attackers tend to cooperate more to gain trust. Conversely, when cooperation costs are high, attackers opt for deception earlier to minimize interaction costs and maximize attack impact. The paper presents case studies and simulations illustrating the trade-off between cooperative and deceptive actions based on attacker costs.