Design of Dynamic and Personalized Deception: A Research Framework and New Insights

González, Cleotilde; Aggarwal, Palvi; Lebière, Christian; Cranford, Edward A.

doi:10.24251/hicss.2020.226

Cited by 19 publications

(20 citation statements)

References 0 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Cyber attackers use deception in the form of phishing emails, fake websites and malware, social engineering, misinformation campaigns, and so on. Defenders also employ deception using tactics such as honeypots, which are “fake” nodes in a network designed to appear attractive to attackers (Gonzalez, Aggarwal, Cranford, & Lebiere, 2020). In these examples, only a few verbal cues may be leaked through text (especially so for phishing emails and other deceptions involving text or dialogue), and nonverbal cues only include inconsistent interactions with technology (e.g., the system responds too fast/slow; Rowe & Rrushi, 2016).…”

Section: Introductionmentioning

confidence: 99%

Towards a Cognitive Theory of Cyber Deception

et al. 2021

Self Cite

View full text Add to dashboard Cite

This work is an initial step toward developing a cognitive theory of cyber deception. While widely studied, the psychology of deception has largely focused on physical cues of deception. Given that present-day communication among humans is largely electronic, we focus on the cyber domain where physical cues are unavailable and for which there is less psychological research. To improve cyber defense, researchers have used signaling theory to extended algorithms developed for the optimal allocation of limited defense resources by using deceptive signals to trick the human mind. However, the algorithms are designed to protect against adversaries that make perfectly rational decisions. In behavioral experiments using an abstract cybersecurity game (i.e., Insider Attack Game), we examined human decision-making when paired against the defense algorithm. We developed an instance-based learning (IBL) model of an attacker using the Adaptive Control of Thought-Rational (ACT-R) cognitive architecture to investigate how humans make decisions under deception in cyber-attack scenarios. Our results show that the defense algorithm is more effective at reducing the probability of attack and protecting assets when using deceptive signaling, compared to no signaling, but is less effective than predicted against a perfectly rational adversary. Also, the IBL model replicates human attack decisions accurately. The IBL model shows how human decisions arise from experience, and how memory retrieval dynamics can give rise to cognitive biases, such as confirmation bias. The implications of these findings are discussed in the perspective of informing theories of deception and designing more effective signaling schemes that consider human bounded rationality.

show abstract

Section: Introductionmentioning

confidence: 99%

Towards a Cognitive Theory of Cyber Deception

et al. 2021

Self Cite

View full text Add to dashboard Cite

show abstract

“…As Shade et al [15] have pointed out, most research on cyber deception tools tends to focus on honeypots [16], suggesting ways to improve them [17], deliver them as a service [18], or to recognise their deficiencies [18], [19]. Where cyber deception research extends beyond honeypots it still tends to build from a computer science or engineering perspective [18], [19], [20], [21] with a smaller number of examples of research that include the impact of humans on cyber deception through, 'cognitive models and experimental games' [22] and 'computational models of human cognition' [20]. The assumption in such research is one of rational decision-making with a focus on formal rules or models in how decisions are made [23].…”

Section: Background and Related Workmentioning

confidence: 99%

“…The assumption in such research is one of rational decision-making with a focus on formal rules or models in how decisions are made [23]. As cyber deception research has highlighted, however, we also need to understand the cognitive and behavioural processes of both the attacker and defender to improve cyber deception [22], [24], [25].…”

Section: Background and Related Workmentioning

confidence: 99%

“…In taking this approach we build on the work of Reid and Black [30] and their qualitative, inductive study. This research includes a discussion about the connection between technology, and the real-world context (referencing the work on warrants and digital footprints by [31], [32]) and highlights the need for dynamic cyber deception systems and methods [17], [22] and for deception tools that are both 'generic and expressive' [28].…”

Section: Background and Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Design Thinking for Cyber Deception

Ashenden¹,

Black²,

Reid³

et al. 2021

Proceedings of the Annual Hawaii International Conference on System Sciences

View full text Add to dashboard Cite

Cyber deception tools are increasingly sophisticated but rely on a limited set of deception techniques. In current deployments of cyber deception, the network infrastructure between the defender and attacker comprises the defence/attack surface. For cyber deception tools and techniques to evolve further they must address the wider attack surface; from the network through to the physical and cognitive space. One way of achieving this is by fusing deception techniques from the physical and cognitive space with the technology development process. In this paper we trial design thinking as a way of delivering this fused approach. We detail the results from a design thinking workshop conducted using deception experts from different fields. The workshop outputs include a critical analysis of design provocations for cyber deception and a journey map detailing considerations for operationalising cyber deception scenarios that fuse deception techniques from other contexts. We conclude with recommendations for future research.

show abstract

“…To further address the weakness of peSSE, Gonzalez, Aggarwal, Cranford, and Lebiere (2020) proposed a research framework for dynamic, adaptive, and personalized deception for cyber defense. This framework implements SSG algorithms for distribution of limited defense resources with signaling theory (e.g., peSSE) to gain insights about human behavior from human‐in‐the‐loop experiments, and cognitive modeling using instance‐based learning theory (IBLT) to create personalized defense algorithms.…”

Section: Deceptive Signaling For Cybersecuritymentioning

confidence: 99%

Toward Personalized Deceptive Signaling for Cyber Defense Using Cognitive Models

Cranford

González

Aggarwal

et al. 2020

Topics in Cognitive Science

Self Cite

View full text Add to dashboard Cite

Recent research in cybersecurity has begun to develop active defense strategies using game‐theoretic optimization of the allocation of limited defenses combined with deceptive signaling. These algorithms assume rational human behavior. However, human behavior in an online game designed to simulate an insider attack scenario shows that humans, playing the role of attackers, attack far more often than predicted under perfect rationality. We describe an instance‐based learning cognitive model, built in ACT‐R, that accurately predicts human performance and biases in the game. To improve defenses, we propose an adaptive method of signaling that uses the cognitive model to trace an individual's experience in real time. We discuss the results and implications of this adaptive signaling method for personalized defense.

show abstract

Design of Dynamic and Personalized Deception: A Research Framework and New Insights

Cited by 19 publications

References 0 publications

Towards a Cognitive Theory of Cyber Deception

Towards a Cognitive Theory of Cyber Deception

Design Thinking for Cyber Deception

Toward Personalized Deceptive Signaling for Cyber Defense Using Cognitive Models

Contact Info

Product

Resources

About