Critical infrastructure systems face escalating threats from asymmetric attacks that exploit deception to overload defenses, fragment coordination, and contribute to cascading failures. Despite its recognized importance in modern cyber–physical conflict, deception is not systematically integrated as an explicit, cost-aware state variable. This work addresses that gap by introducing a discrete-time, agent-based exploratory modeling framework that captures interactions among real defenders, low-cost decoys, and fixed, rule-based (non-learning) attackers. Defender effectiveness emerges from base strength, coordination, and alertness, while decoys, though weak in combat, redirect adversaries and reshape engagement dynamics. A cost-aware resilience metric links survival probability to the cumulative burden of detection, engagement, and losses, allowing an explicit efficiency–resilience tradeoff to be examined. Simulation results show that, within the model, resilience is driven primarily by defender capability and spatial coverage, but is most efficiently enhanced at low-to-intermediate defense densities by moderate levels of deception, with excessive decoying yielding diminishing returns. Sensitivity analysis indicates that these trends are robust across wide parameter variations. These findings establish deception as a quantifiable and cost-effective complement to core defensive strength, advancing conceptual understanding of resilience trade-offs and informing exploratory security strategies.
Kishore Dutta (Mon,) studied this question.