The Moonraker Study: An Experimental Evaluation of Host-Based Deception

“…As Shade et al [15] have pointed out, most research on cyber deception tools tends to focus on honeypots [16], suggesting ways to improve them [17], deliver them as a service [18], or to recognise their deficiencies [18], [19]. Where cyber deception research extends beyond honeypots it still tends to build from a computer science or engineering perspective [18], [19], [20], [21] with a smaller number of examples of research that include the impact of humans on cyber deception through, 'cognitive models and experimental games' [22] and 'computational models of human cognition' [20].…”

“…Decoy networks have been extensively tested through red-teaming experiments, including detailed exploration of red teamers' behaviour, personality and cognition, and physiological responses to cyber deception [28]. Use of host-based deception and deceptive messages has been shown in experiments to disrupt attacker decision-making, increase the time to conduct the deception and increase confusion within the attacker or attacking team [15]. Other cyber security testing includes Capture the Flag (CTF) exercises where attackers are required to exfiltrate assets from a network [29].…”

“…Exploring the behavioural facets of cyber deception through experiment is valuable because as Shade et al [15] point out, experiments have the 'necessary rigor' to deliver evidence-based results for the implementation of cyber deception techniques. Gutzwiller et al [25], however, demonstrate the value of qualitative research in cyber deception by using exploratory 'think-aloud' techniques with red teamers to understand how it might be possible to exploit 'traditional decision-making biases' with cyber deception tools.…”

“…Gutzwiller et al [25], however, demonstrate the value of qualitative research in cyber deception by using exploratory 'think-aloud' techniques with red teamers to understand how it might be possible to exploit 'traditional decision-making biases' with cyber deception tools. Shade et al [15], also highlight the value of collecting the qualitative 'emotional experiences' of those experiencing cyber deception. Such methodological approaches facilitate the gathering of rich data that, while it may not have the generalisability of experimental results, arguably make up for this by taking a naturalistic approach to cyber deception and providing a range of complementary insights.…”

Design Thinking for Cyber Deception

“…As Shade et al [15] have pointed out, most research on cyber deception tools tends to focus on honeypots [16], suggesting ways to improve them [17], deliver them as a service [18], or to recognise their deficiencies [18], [19]. Where cyber deception research extends beyond honeypots it still tends to build from a computer science or engineering perspective [18], [19], [20], [21] with a smaller number of examples of research that include the impact of humans on cyber deception through, 'cognitive models and experimental games' [22] and 'computational models of human cognition' [20].…”

“…Decoy networks have been extensively tested through red-teaming experiments, including detailed exploration of red teamers' behaviour, personality and cognition, and physiological responses to cyber deception [28]. Use of host-based deception and deceptive messages has been shown in experiments to disrupt attacker decision-making, increase the time to conduct the deception and increase confusion within the attacker or attacking team [15]. Other cyber security testing includes Capture the Flag (CTF) exercises where attackers are required to exfiltrate assets from a network [29].…”

“…Exploring the behavioural facets of cyber deception through experiment is valuable because as Shade et al [15] point out, experiments have the 'necessary rigor' to deliver evidence-based results for the implementation of cyber deception techniques. Gutzwiller et al [25], however, demonstrate the value of qualitative research in cyber deception by using exploratory 'think-aloud' techniques with red teamers to understand how it might be possible to exploit 'traditional decision-making biases' with cyber deception tools.…”

“…Gutzwiller et al [25], however, demonstrate the value of qualitative research in cyber deception by using exploratory 'think-aloud' techniques with red teamers to understand how it might be possible to exploit 'traditional decision-making biases' with cyber deception tools. Shade et al [15], also highlight the value of collecting the qualitative 'emotional experiences' of those experiencing cyber deception. Such methodological approaches facilitate the gathering of rich data that, while it may not have the generalisability of experimental results, arguably make up for this by taking a naturalistic approach to cyber deception and providing a range of complementary insights.…”

Design Thinking for Cyber Deception

“…In the latter case, the deception is leveraged to reduce environment uncertainty to improve the RL policies learned by the defender [18]. Other cyber deception research has focused on human subjects experiments [26], sometimes also including also simulations [1], but these simulations are rarely publicly available to other researchers. However, this research does not incorporate deceptive decoys which are lightweight and low-interaction relative to honeypots.…”

Incorporating Deception into CyberBattleSim for Autonomous Defense

The Pitfalls of Evaluating Cyber Defense Techniques by an Anonymous Population