{"id":"https://openalex.org/W3203693215","doi":"https://doi.org/10.1109/tnsm.2021.3117698","title":"Foureye: Defensive Deception Against Advanced Persistent Threats via Hypergame Theory","display_name":"Foureye: Defensive Deception Against Advanced Persistent Threats via Hypergame Theory","publication_year":2021,"publication_date":"2021-10-06","ids":{"openalex":"https://openalex.org/W3203693215","doi":"https://doi.org/10.1109/tnsm.2021.3117698","mag":"3203693215"},"language":"en","primary_location":{"id":"doi:10.1109/tnsm.2021.3117698","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tnsm.2021.3117698","pdf_url":null,"source":{"id":"https://openalex.org/S173527311","display_name":"IEEE Transactions on Network and Service Management","issn_l":"1932-4537","issn":["1932-4537","2373-7379"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Network and Service Management","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5006178191","display_name":"Zelin Wan","orcid":"https://orcid.org/0000-0001-5293-0363"},"institutions":[{"id":"https://openalex.org/I859038795","display_name":"Virginia Tech","ror":"https://ror.org/02smfhw86","country_code":"US","type":"education","lineage":["https://openalex.org/I859038795"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Zelin Wan","raw_affiliation_strings":["Department of Computer Science, Virginia Tech, Falls Church, VA, USA"],"affiliations":[{"raw_affiliation_string":"Department of Computer Science, Virginia Tech, Falls Church, VA, USA","institution_ids":["https://openalex.org/I859038795"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5011649304","display_name":"Jin-Hee Cho","orcid":"https://orcid.org/0000-0002-5908-4662"},"institutions":[{"id":"https://openalex.org/I859038795","display_name":"Virginia Tech","ror":"https://ror.org/02smfhw86","country_code":"US","type":"education","lineage":["https://openalex.org/I859038795"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Jin-Hee Cho","raw_affiliation_strings":["Department of Computer Science, Virginia Tech, Falls Church, VA, USA"],"affiliations":[{"raw_affiliation_string":"Department of Computer Science, Virginia Tech, Falls Church, VA, USA","institution_ids":["https://openalex.org/I859038795"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5077937501","display_name":"Mu Zhu","orcid":"https://orcid.org/0000-0003-4303-4318"},"institutions":[{"id":"https://openalex.org/I137902535","display_name":"North Carolina State University","ror":"https://ror.org/04tj63d06","country_code":"US","type":"education","lineage":["https://openalex.org/I137902535"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Mu Zhu","raw_affiliation_strings":["Department of Computer Science, North Carolina State University, Raleigh, NC, USA"],"affiliations":[{"raw_affiliation_string":"Department of Computer Science, North Carolina State University, Raleigh, NC, USA","institution_ids":["https://openalex.org/I137902535"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5109171008","display_name":"Ahmed H. Anwar","orcid":null},"institutions":[{"id":"https://openalex.org/I166416128","display_name":"DEVCOM Army Research Laboratory","ror":"https://ror.org/011hc8f90","country_code":"US","type":"government","lineage":["https://openalex.org/I1304082316","https://openalex.org/I1330347796","https://openalex.org/I166416128","https://openalex.org/I2802705668","https://openalex.org/I4210154437"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Ahmed H. Anwar","raw_affiliation_strings":["Network Science Department, U.S. Army Research Laboratory, Adelphi, MD, USA"],"affiliations":[{"raw_affiliation_string":"Network Science Department, U.S. Army Research Laboratory, Adelphi, MD, USA","institution_ids":["https://openalex.org/I166416128"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5090126029","display_name":"Charles Kamhoua","orcid":"https://orcid.org/0000-0003-2169-5975"},"institutions":[{"id":"https://openalex.org/I166416128","display_name":"DEVCOM Army Research Laboratory","ror":"https://ror.org/011hc8f90","country_code":"US","type":"government","lineage":["https://openalex.org/I1304082316","https://openalex.org/I1330347796","https://openalex.org/I166416128","https://openalex.org/I2802705668","https://openalex.org/I4210154437"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Charles A. Kamhoua","raw_affiliation_strings":["Network Science Department, U.S. Army Research Laboratory, Adelphi, MD, USA"],"affiliations":[{"raw_affiliation_string":"Network Science Department, U.S. Army Research Laboratory, Adelphi, MD, USA","institution_ids":["https://openalex.org/I166416128"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5020679327","display_name":"Munindar P. Singh","orcid":"https://orcid.org/0000-0003-3599-3893"},"institutions":[{"id":"https://openalex.org/I137902535","display_name":"North Carolina State University","ror":"https://ror.org/04tj63d06","country_code":"US","type":"education","lineage":["https://openalex.org/I137902535"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Munindar P. Singh","raw_affiliation_strings":["Department of Computer Science, North Carolina State University, Raleigh, NC, USA"],"affiliations":[{"raw_affiliation_string":"Department of Computer Science, North Carolina State University, Raleigh, NC, USA","institution_ids":["https://openalex.org/I137902535"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":6,"corresponding_author_ids":["https://openalex.org/A5006178191"],"corresponding_institution_ids":["https://openalex.org/I859038795"],"apc_list":null,"apc_paid":null,"fwci":7.6643,"has_fulltext":false,"cited_by_count":39,"citation_normalized_percentile":{"value":0.97324348,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":97,"max":100},"biblio":{"volume":"19","issue":"1","first_page":"112","last_page":"129"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9991999864578247,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9991999864578247,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.998199999332428,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9911999702453613,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/deception","display_name":"Deception","score":0.8210369348526001},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.722643256187439},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.5313559174537659},{"id":"https://openalex.org/keywords/psychology","display_name":"Psychology","score":0.13099712133407593},{"id":"https://openalex.org/keywords/social-psychology","display_name":"Social psychology","score":0.124095618724823}],"concepts":[{"id":"https://openalex.org/C2779267917","wikidata":"https://www.wikidata.org/wiki/Q170028","display_name":"Deception","level":2,"score":0.8210369348526001},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.722643256187439},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5313559174537659},{"id":"https://openalex.org/C15744967","wikidata":"https://www.wikidata.org/wiki/Q9418","display_name":"Psychology","level":0,"score":0.13099712133407593},{"id":"https://openalex.org/C77805123","wikidata":"https://www.wikidata.org/wiki/Q161272","display_name":"Social psychology","level":1,"score":0.124095618724823}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/tnsm.2021.3117698","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tnsm.2021.3117698","pdf_url":null,"source":{"id":"https://openalex.org/S173527311","display_name":"IEEE Transactions on Network and Service Management","issn_l":"1932-4537","issn":["1932-4537","2373-7379"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Network and Service Management","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[{"display_name":"Peace, Justice and strong institutions","score":0.7699999809265137,"id":"https://metadata.un.org/sdg/16"}],"awards":[{"id":"https://openalex.org/G5479568110","display_name":null,"funder_award_id":"W91NF-20-2-0140","funder_id":"https://openalex.org/F4320338281","funder_display_name":"Army Research Office"},{"id":"https://openalex.org/G7259598866","display_name":null,"funder_award_id":"W911NF-19-2-0150","funder_id":"https://openalex.org/F4320338295","funder_display_name":"Army Research Laboratory"}],"funders":[{"id":"https://openalex.org/F4320338281","display_name":"Army Research Office","ror":"https://ror.org/05epdh915"},{"id":"https://openalex.org/F4320338295","display_name":"Army Research Laboratory","ror":"https://ror.org/011hc8f90"}],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":53,"referenced_works":["https://openalex.org/W151350171","https://openalex.org/W1487596546","https://openalex.org/W1501439223","https://openalex.org/W1517229197","https://openalex.org/W1546404276","https://openalex.org/W1613919729","https://openalex.org/W1620663928","https://openalex.org/W1973788147","https://openalex.org/W1979660838","https://openalex.org/W1988871317","https://openalex.org/W1991567646","https://openalex.org/W2003343104","https://openalex.org/W2012910199","https://openalex.org/W2034218563","https://openalex.org/W2055525753","https://openalex.org/W2059450064","https://openalex.org/W2111786419","https://openalex.org/W2115300707","https://openalex.org/W2140190241","https://openalex.org/W2142718630","https://openalex.org/W2153245338","https://openalex.org/W2171707538","https://openalex.org/W2181625086","https://openalex.org/W2291308025","https://openalex.org/W2313532782","https://openalex.org/W2476275724","https://openalex.org/W2586432806","https://openalex.org/W2607705686","https://openalex.org/W2771380743","https://openalex.org/W2780533491","https://openalex.org/W2789266794","https://openalex.org/W2794861508","https://openalex.org/W2800456250","https://openalex.org/W2899322262","https://openalex.org/W2906218219","https://openalex.org/W2906763758","https://openalex.org/W2951174687","https://openalex.org/W2970822576","https://openalex.org/W2982768288","https://openalex.org/W2996903041","https://openalex.org/W3049486569","https://openalex.org/W3126887099","https://openalex.org/W3144954252","https://openalex.org/W3151604502","https://openalex.org/W3156178383","https://openalex.org/W3190734472","https://openalex.org/W4238452917","https://openalex.org/W4313171437","https://openalex.org/W6629000054","https://openalex.org/W6680704940","https://openalex.org/W6696591131","https://openalex.org/W6749728326","https://openalex.org/W6790348182"],"related_works":["https://openalex.org/W4391375266","https://openalex.org/W2899084033","https://openalex.org/W2748952813","https://openalex.org/W2165717120","https://openalex.org/W2039390456","https://openalex.org/W2948663225","https://openalex.org/W2029954793","https://openalex.org/W1992683634","https://openalex.org/W4295295666","https://openalex.org/W1978059949"],"abstract_inverted_index":{"Defensive":[0],"deception":[1,24,89,153],"techniques":[2,154],"have":[3,26],"emerged":[4],"as":[5],"a":[6,56,62,85,162],"promising":[7],"proactive":[8],"defense":[9],"mechanism":[10],"to":[11,45,49,91,100,132,191],"mislead":[12],"an":[13,59,93],"attacker":[14,60,127,182],"and":[15,61,72,128,176,183,194],"thereby":[16],"achieve":[17],"attack":[18],"failure.":[19],"However,":[20],"most":[21],"game-theoretic":[22],"defensive":[23,88,152],"approaches":[25],"assumed":[27],"that":[28],"players":[29],"maintain":[30],"consistent":[31],"views":[32],"under":[33],"uncertainty.":[34],"They":[35],"do":[36],"not":[37],"consider":[38,105],"players\u2019":[39],"possible,":[40],"subjective":[41],"beliefs":[42],"formed":[43],"due":[44],"asymmetric":[46],"information":[47,168],"given":[48],"them.":[50],"In":[51],"this":[52],"work,":[53],"we":[54,144],"formulate":[55],"hypergame":[57,163],"between":[58],"defender":[63,130,149],"where":[64,124],"they":[65],"can":[66,150],"interpret":[67],"the":[68,98,101,116,119,126,129,148,166,181,185],"same":[69],"game":[70],"differently":[71],"accordingly":[73],"choose":[74],"their":[75,80,138],"best":[76],"strategy":[77],"based":[78,136,171],"on":[79,137,172],"respective":[81],"beliefs.":[82,139],"This":[83],"gives":[84],"chance":[86],"for":[87],"strategies":[90,135],"manipulate":[92],"attacker\u2019s":[94,102],"belief,":[95],"which":[96,111,165],"is":[97,169],"key":[99],"decision-making.":[103],"We":[104],"advanced":[106],"persistent":[107],"threat":[108],"(APT)":[109],"attacks,":[110],"perform":[112],"multiple":[113],"attacks":[114,160],"in":[115,161,164],"stages":[117],"of":[118,179,198],"cyber":[120],"kill":[121],"chain":[122],"(CKC)":[123],"both":[125,180],"aim":[131],"select":[133],"optimal":[134],"Through":[140],"extensive":[141],"simulation":[142],"experiments,":[143],"demonstrated":[145],"how":[146],"effectively":[147],"leverage":[151],"while":[155],"dealing":[156],"with":[157],"multi-staged":[158],"APT":[159],"imperfect":[167],"reflected":[170],"perceived":[173],"uncertainty,":[174],"cost,":[175],"expected":[177],"utilities":[178],"defender,":[184],"system":[186],"lifetime":[187],"(i.e.,":[188],"mean":[189],"time":[190],"security":[192],"failure),":[193],"improved":[195],"false-positive":[196],"rates":[197],"intrusion":[199],"detection.":[200]},"counts_by_year":[{"year":2026,"cited_by_count":4},{"year":2025,"cited_by_count":8},{"year":2024,"cited_by_count":7},{"year":2023,"cited_by_count":15},{"year":2022,"cited_by_count":5}],"updated_date":"2026-03-23T07:41:27.035349","created_date":"2025-10-10T00:00:00"}