ICCK Transactions on Cybersecurity | Volume 2, Issue 1: 75-92, 2026 | DOI: 10.62762/TC.2026.152584
Abstract
As adversaries deploy advanced persistent threats (APTs), social engineering, and credential-stuffing attacks to circumvent classical reactive defenses, identity security faces a formidable challenge. This paper proposes GHOST (Game-theoretic Honeytoken Optimization for Strategic Threat Detection), a mathematically grounded and empirically evaluated framework that combines deceptive honeytokens with Stackelberg–Nash game-theoretic optimization, Bayesian attacker-type inference, and reinforcement learning (RL). The defender (Stackelberg leader) distributes honeytokens throughout a networked system of heterogeneous assets, while the attacker (follower) operates under imperfect knowledge of t... More >
Graphical Abstract