Deception for Cyber Defence: Challenges and Opportunities

Liebowitz, David; Nepal, Surya; Moore, Kristen; Christopher, Cody James; Kanhere, Salil S.; Nguyen, David D.; Timmer, Roelien C.; Longland, Michael; Keerth, Rathakumar,

doi:10.1109/tpsisa52974.2021.00020

Cited by 7 publications

(5 citation statements)

References 60 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Isolated environments / Internal access -close to production / Public access from outside / Isolated environment with redirection from production / Inside productive services [6].…”

Section: Approaches and Technologiesmentioning

confidence: 99%

Proposal for the implementation of minimalistic cyber deception strategies

Pacheco,

Staino

2024

Preprint

View full text Add to dashboard Cite

This work presents a methodical and minimalist approach for the implementation of cyber deception strategies that, without compromising effectiveness, seeks to limit its impact on operations, derived from the limitations of its integration in productive infrastructures and the complexity of the subject. To this end, a cyclical and continuous process is proposed, adaptable to environments of different sizes, which allows obtaining most of the benefits associated with complete cyber deception operations, using the least number of elements and through flexible tactics. This approach arose in response to observations detected in experiences working with organizations. To facilitate the implementation of this proposal, and as an additional contribution, a free software tool created for this purpose is provided, which allows its open experimentation and use in production, both for professional and educational environments.

show abstract

“…Isolated environments / Internal access -close to production / Public access from outside / Isolated environment with redirection from production / Inside productive services [6].…”

Section: Approaches and Technologiesmentioning

confidence: 99%

Proposal for the implementation of minimalistic cyber deception strategies

Pacheco,

Staino

2024

Preprint

View full text Add to dashboard Cite

show abstract

“…Deception is a growing tool for cyber defense, and it complements existing perimeter securities used to rapidly detect breaches and data theft [2]. As deception grows, the debate about the morality of the issue will only grow as well, as an ever-growing issue that will need to be dealt with eventually.…”

Section: Ethical Considerationsmentioning

confidence: 99%

“…Organizations should acknowledge that cybersecurity is one of the most significant aspects to growth and success. Extensive funding has been allocated towards cybersecurity worldwide, exceeding $150 billion in 2021 alone [2]. Although there has been heavy focus on security within the digital realm, the pursuit of cyber-attacks perpetuate.…”

Section: Introductionmentioning

confidence: 99%

The relevance, effectiveness, and future prospects of cyber deception implementation within organizations

Eng,

King,

Schillaci

et al. 2024

Assurance and Security for AI-enabled Systems

View full text Add to dashboard Cite

Artificial Intelligence (AI) and Machine Learning (ML) based systems have seen tremendous progress in the past years. This unprecedent growth has also opened new challenges and vulnerabilities for keeping AI/ML based systems safe and secure. With a multitude of studies investigating adversarial machine learning (AML) and cyber security for AI/ML systems, there is a need for novel techniques and methodologies for securing these systems. Cyber security is often used as a blanket term meaning all defenses used in the context of cyber. This leaves out methodologies and techniques, being used more offensively, such as cyber deception. This study provides a comprehensive overview of cyber-deception for securing AI/ML systems including its relevance, effectiveness, and its potential for AI/ML assurance. The study provides an overview of behavioral sciences for cyber-deception, the benefits of using cyber deception, and the ethical concerns associated with cyber deception. Additionally, we present a use-case for the utilization of cyber deception with zero-trust architecture (ZTA) for assurance and security for AI/ML based systems.

show abstract

“…The continuous evolving threat landscape, organization face increasingly sophisticated and persistent cyberattacks that can jeopardize the confidentiality, integrity, and availability of their network infrastructure [1], [2]. As a result, traditional security measures alone are often insufficient to detect and mitigate these threats effectively, hence the continuous evolvement of cyber defense is highly acclaimed [3], [4]. Therefore, the continuous evolution of cyber defense strategies and technologies is highly acclaimed, ensuring that organizations stay ahead of emerging threats and maintain robust security postures.…”

Section: Introductionmentioning

confidence: 99%

Enhancing reconnaissance security: a 2-tier deception-driven model approach (2TDDSM)

Gamilla,

Palaoag,

Naagas

2024

IJEECS

View full text Add to dashboard Cite

The emergence of network security has revolutionized the way educational institutions operate, providing advanced connectivity, enhanced communication, and efficient management of resources. However, with the increasing dependence on interconnected systems, institutions and organizations became vulnerable targets for cyber threats. To address these security challenges, a two-tier deception-driven model specifically designed to for the initial phase of attacks in reconnaissance period where the adversaries is to gather information of the targets. Defending threats in this phase can provide active and proactive defense allowing the administrator to identify potential attackers and understanding their methods, motivation and potential target assets. The model's layered approach creates a resilient defense mechanism that aligns with the advanced deception techniques which aims to misguide potential threats attempting to gather intelligence within the network.

show abstract

Deception for Cyber Defence: Challenges and Opportunities

Cited by 7 publications

References 60 publications

Proposal for the implementation of minimalistic cyber deception strategies

Proposal for the implementation of minimalistic cyber deception strategies

The relevance, effectiveness, and future prospects of cyber deception implementation within organizations

Enhancing reconnaissance security: a 2-tier deception-driven model approach (2TDDSM)

Contact Info

Product

Resources

About