Concealing Cyber-Decoys using Two-Sided Feature Deception Games

Miah, Mohammad Sujan; Gutierrez, Marcus; Veliz, Oscar; Thakoor, Omkar; Kiekintveld, Christopher

doi:10.24251/hicss.2020.235

Cited by 10 publications

(6 citation statements)

References 22 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…As Shade et al [15] have pointed out, most research on cyber deception tools tends to focus on honeypots [16], suggesting ways to improve them [17], deliver them as a service [18], or to recognise their deficiencies [18], [19]. Where cyber deception research extends beyond honeypots it still tends to build from a computer science or engineering perspective [18], [19], [20], [21] with a smaller number of examples of research that include the impact of humans on cyber deception through, 'cognitive models and experimental games' [22] and 'computational models of human cognition' [20]. The assumption in such research is one of rational decision-making with a focus on formal rules or models in how decisions are made [23].…”

Section: Background and Related Workmentioning

confidence: 99%

Design Thinking for Cyber Deception

Ashenden¹,

Black²,

Reid³

et al. 2021

Proceedings of the Annual Hawaii International Conference on System Sciences

View full text Add to dashboard Cite

Cyber deception tools are increasingly sophisticated but rely on a limited set of deception techniques. In current deployments of cyber deception, the network infrastructure between the defender and attacker comprises the defence/attack surface. For cyber deception tools and techniques to evolve further they must address the wider attack surface; from the network through to the physical and cognitive space. One way of achieving this is by fusing deception techniques from the physical and cognitive space with the technology development process. In this paper we trial design thinking as a way of delivering this fused approach. We detail the results from a design thinking workshop conducted using deception experts from different fields. The workshop outputs include a critical analysis of design provocations for cyber deception and a journey map detailing considerations for operationalising cyber deception scenarios that fuse deception techniques from other contexts. We conclude with recommendations for future research.

show abstract

Section: Background and Related Workmentioning

confidence: 99%

Design Thinking for Cyber Deception

Ashenden¹,

Black²,

Reid³

et al. 2021

Proceedings of the Annual Hawaii International Conference on System Sciences

View full text Add to dashboard Cite

show abstract

“…For proper implementation of honeypots, defenders need to carefully design the level of deception that would most successfully exploit the trust of attackers. Previous research has manipulated the amount and timing of deception, type and frequency of signals, and the features of the honeypot to exploit the attacker's beliefs [Aggarwal et al, 2016;Miah et al, 2020;. However, past research considered the abstract features of honeypots and has not evaluated the algorithms against human attackers.…”

Section: Introductionmentioning

confidence: 99%

“…Moreover, common honeypots are designed so that they look exactly like the real machine when probed by an adversary or they are completely different. However, this might not be necessary as suggested by Miah [2020]. Instead of manipulating the features of a honeypot to make it look like a real machine, it is possible to use 2-sided deception i.e., make honeypots look like real machines and make real machines look like honeypots.…”

Section: Introductionmentioning

confidence: 99%

“…Assuming that experienced attackers would detect honeypots, a few researchers have studied the concept of "fake honeypot" i.e., creating honeypot looking systems in the network [Rowe et al, 2007;Shi et al, 2016;Miah et al, 2020]. Most recent work by Miah [2020] introduced a gametheoretic model of two-sided deception that use of both fakehoneypots and fake-real systems in the network (2-sided deception). Instead of solely making honeypots look like real systems (concealed-honeypot), a defender can modify some features of the real machines and make them look like honeypots (concealed-real).…”

Section: Introductionmentioning

confidence: 99%

“…Instead of solely making honeypots look like real systems (concealed-honeypot), a defender can modify some features of the real machines and make them look like honeypots (concealed-real). Miah [2020] numerically evaluated the 2-sided deception model and thus, how human attackers would make decisions with such models is still unknown.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Decoys in Cybersecurity: An Exploratory Study to Test the Effectiveness of 2-sided Deception

Aggarwal,

Du,

Singh

et al. 2021

Preprint

View full text Add to dashboard Cite

One of the widely used cyber deception techniques is decoying, where defenders create fictitious machines (i.e., honeypots) to lure attackers. Honeypots are deployed to entice attackers, but their effectiveness depends on their configuration as that would influence whether attackers will judge them as "real" machines or not. In this work, we study two-sided deception, where we manipulate the observed configuration of both honeypots and real machines. The idea is to improve cyberdefense by either making honeypots "look like" real machines or by making real machines "look like honeypots." We identify the modifiable features of both real machines and honeypots, and conceal these features to different degrees. In an experiment, we study three conditions: default features on both honeypot and real machines, concealed honeypots only, and concealed both honeypots and real machines. We use a network with 40 machines where 20 of them are honeypots. We manipulate the features of the machines, and using an experimental testbed (HackIT), we test the effectiveness of the decoying strategies against humans attackers. Results indicate that: Any of the two forms of deception (conceal honeypots and conceal both honeypots and real machines) is better than no deception at all. We observe that attackers attempted more exploits on honeypots and exfiltrated more data from honeypots in the two forms of deception conditions. However, the attacks on honeypots and data exfiltration were not different within the deception conditions. Results inform cybersecurity defenders on how to manipulate the observable features of honeypots and real machines to create uncertainty for attackers and improve cyberdefense.

show abstract