LAUSR

Practically, a botnet is spread over the Internet of Things (IoT) to ensure an attacker the control of a large number of devices. In this context, in which IoT users react to protect their devices against the threat, a zero-sum one-sided partially observable stochastic game (OS-POSG) model is proposed in which a defender strategically places honeypots in the IoT network in order to deceive attacker’s actions and mitigate the botnet propagation. No player (attacker and defender) observes the opponent’s action but, realistically, the attacker—who is the maximizer—has a perfect knowledge of the state of the network while the defender—who is the minimizer—only is informed of the decisions of IoT users. The objective is to find an optimal deception strategy for the defender that better limits from above the proportion of infected IoT devices. We show in numerous simulations the impact of the partial observation and of the strategic defender’s action on the particular metrics which are the maximum proportion of infected IoT devices during the botnet propagation and the time to botnet extinction in the IoT network.