Minimising paradoxes when employing honeyfiles to combat data theft in military networks

Whitham, Ben

doi:10.1109/milcis.2016.7797341

Cited by 5 publications

(6 citation statements)

References 17 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…• DS 6 -Honey information [57]: The defender uses honey information, such as files, tokens, or fake patches indicating vulnerabilities to mislead attackers. This strategy applies defend against AS 1 , AS 2 , AS 5 − AS 8 as those attacks aim to obtain target information (i.e., vulnerability, private key) for their attack success.…”

Section: B Defender Modelmentioning

confidence: 99%

Resisting Multiple Advanced Persistent Threats via Hypergame-Theoretic Defensive Deception

Wan

Cho

Zhu

et al. 2023

IEEE Trans. Netw. Serv. Manage.

View full text Add to dashboard Cite

Existing defensive deception (DD) approaches apply game theory, assuming that an attacker and defender play the same, full game with all possible strategies. However, in deceptive settings, players may have different beliefs about the game itself. Such structural uncertainty is not naturally handled in traditional game theory. In this work, we formulate an attackdefense hypergame where multiple advanced persistent threat (APT) attackers and a single defender play a repeated game with different perceptions. The hypergame model systematically evaluates how various DD strategies can defend proactively against APT attacks. We present an adaptive method to select an optimal defense strategy using hypergame theory for strategic defense as well as machine learning for adaptive defense. We conducted in-depth experiments to analyze the performance of the eight schemes including ours, baselines, and existing counterparts. We found the DD strategies showed their highest advantages when the hypergame and machine learning are considered in terms of reduced false positives and negatives of the NIDS, system lifetime, and players' perceived uncertainties and utilities. We also analyze the Hyper Nash Equilibrium of given hypergames and discuss the key findings and insights behind them.

show abstract

Section: B Defender Modelmentioning

confidence: 99%

Resisting Multiple Advanced Persistent Threats via Hypergame-Theoretic Defensive Deception

Wan

Cho

Zhu

et al. 2023

IEEE Trans. Netw. Serv. Manage.

View full text Add to dashboard Cite

show abstract

“…The purpose of the central screen subtask was to simulate the cognitive load associated with domain-specific skill use in network defense, namely monitoring a system of honeyfiles ( Figure 1 ) (Helton and Russell, 2011 ; McIntire et al, 2013 ; Mancuso et al, 2015 ; Vieane et al, 2016 ). Network defense analysts use honeyfiles to guard against data theft and unauthorized system access (Whitham, 2016 ). Honeyfiles are designed to resemble “real” documents that attract data thieves.…”

Section: Wacdt Validationmentioning

confidence: 99%

The WACDT, a modern vigilance task for network defense

Guidetti,

Speelman,

Bouhlas

2023

Front. Neuroergonomics

View full text Add to dashboard Cite

Vigilance decrement refers to a psychophysiological decline in the capacity to sustain attention to monotonous tasks after prolonged periods. A plethora of experimental tasks exist for researchers to study vigilance decrement in classic domains such as driving and air traffic control and baggage security; however, the only cyber vigilance tasks reported in the research literature exist in the possession of the United States Air Force (USAF). Moreover, existent cyber vigilance tasks have not kept up with advances in real-world cyber security and consequently no longer accurately reflect the cognitive load associated with modern network defense. The Western Australian Cyber Defense Task (WACDT) was designed, engineered, and validated. Elements of network defense command-and-control consoles that influence the trajectory of vigilance can be adjusted within the WACDT. These elements included cognitive load, event rate, signal salience and workload transitions. Two forms of the WACDT were tested. In static trials, each element was adjusted to its maximum level of processing difficulty. In dynamic trials, these elements were set to increase from their minimum to their maximum values. Vigilance performance in static trials was shown to improve over time. In contrast, dynamic WACDT trials were characterized by vigilance performance declines. The WACDT provides the civilian human factors research community with an up-to-date and validated vigilance task for network defense accessible to civilian researchers.

show abstract

“…1) DD Techniques: The common defensive deception (DD) techniques used in this network environment include various types of honey information, such as fake honey files [40,119,139] or honeypots [104,106,111,156].…”

Section: A Enterprise Networkmentioning

confidence: 99%

“…2) Main Attacks: In enterprise networks, the following attacks have been countered by game-theoretic (GT) or MLbased DD, including insider threat and sophisticated adversaries, such as APTs [73], zero-day attacks [139,140], worm attacks [32], reverse engineering attacker using security patch Avery and Spafford [19], or DoS attack [40].…”

Section: A Enterprise Networkmentioning

confidence: 99%

See 1 more Smart Citation

Game-Theoretic and Machine Learning-based Approaches for Defensive Deception: A Survey

Zhu¹,

Anwar²,

Wan³

et al. 2021

Preprint

View full text Add to dashboard Cite

Defensive deception is a promising approach for cyberdefense. Although defensive deception is increasingly popular in the research community, there hasn't been a systematic investigation of its key components, the underlying principles, and its tradeoffs in various problem settings. This survey paper focuses on defensive deception research centered on game theory and machine learning, since these are prominent families of artificial intelligence approaches that are widely employed in defensive deception. This paper brings forth insights, lessons, and limitations from prior work. It closes with an outline of some research directions to tackle major gaps in current defensive deception research.

show abstract

Minimising paradoxes when employing honeyfiles to combat data theft in military networks

Cited by 5 publications

References 17 publications

Resisting Multiple Advanced Persistent Threats via Hypergame-Theoretic Defensive Deception

Resisting Multiple Advanced Persistent Threats via Hypergame-Theoretic Defensive Deception

The WACDT, a modern vigilance task for network defense

Game-Theoretic and Machine Learning-based Approaches for Defensive Deception: A Survey

Contact Info

Product

Resources

About