Cyber Deception and Cyber Psychology for Defense
Recent Submissions
Towards Self-Adaptive Cyber Deception for Defense (2021-01-05)
Landsborough, Jason; Carpenter, Luke; Coronado, Braulio; Fugate, Sunny; Ferguson-Walter, Kimberly; Van Bruggen, Dirk
Computer network attackers currently benefit from an asymmetric advantage, leveraging both features and flaws of networking protocols and software to discover and exploit vulnerabilities with impunity. Although significant work has been done to automate various cyber defenses, we believe that a novel area of research remains in combining autonomic reasoning and defensive cyber deception. While many difficulties remain in creating a robust system, we have actively explored the utility of such systems for achieving effective cyber defense. Our current approach applies autonomic reasoning to the task of interfering with an adversary’s movement through a cyber kill chain by employing deceptive countermeasures. In this paper, we explore the integration of autonomic computing with insights from game theory and cognitive and behavioral psychology to create a system for adaptive cyber defense using deception.

Software Deception Steering through Version Emulation (2021-01-05)
Araujo, Frederico; Sengupta, Sailik; Jang, Jiyong; Doupé, Adam; Hamlen, Kevin; Kambhampati, Subbarao
Determined cyber adversaries often strategize their attacks by carefully selecting high-value target machines that host insecure (e.g., unpatched) legacy software. In this paper, we propose a moving-target approach to thwart and countersurveil such adversaries, wherein live (non-decoy) enterprise software services are automatically modified to deceptively emulate vulnerable legacy versions that entice attackers. A game-theoretic framework chooses which emulated software stacks, versions, configurations, and vulnerabilities yield the best defensive payoffs and most useful threat data given a specific attack model. The results show that effective movement strategies can be computed to account for pragmatic aspects of deception, such as the utility of various intelligence-gathering actions, impact of vulnerabilities, performance costs of patch deployment, complexity of exploits, and attacker profile.

Identifying Expertise Gaps in Cyber Incident Response: Cyber Defender Needs vs. Technological Development (2021-01-05)
Nyre-Yu, Megan
Incident response is an area within cyber defense that is responsible for detecting, mitigating, and preventing threats within a given network. Like other areas of cyber security, incident response is experiencing a shortage of qualified workers which has led to technological development aimed at alleviating labor-related pressures on organizations. A cognitive task analysis was conducted with incident response experts to capture expertise requirements and used an existing construct to help prioritize development of new technology. Findings indicated that current software development incorporates factors such as analyst efficiency and consistency. Gaps were identified regarding communication and team navigation that are inherent to dynamic team environments. This research identified which expertise areas are needed at lower-tier levels of incident response and which of those areas current automation platforms are addressing. These gaps help focus future studies by bridging expertise research to development efforts.

Human Factors in Automating Cyber Operations (2021-01-05)
Gutzwiller, Robert; Van Bruggen, Dirk
Human-machine interaction issues must be addressed in designs and implementation of automation for cybersecurity. The community must not start from scratch to implement best practices; we review for the community and practitioners the relevant history and research done by human factors for human-automation interaction. We bring these theories and results to a handful of cybersecurity elements with two main goals: (1) educate the cyber discipline, and (2) provide guidelines toward building automated cybersecurity technology.

Design Thinking for Cyber Deception (2021-01-05)
Ashenden, Debi; Black, Rob; Reid, Iain; Henderson, Simon
Cyber deception tools are increasingly sophisticated but rely on a limited set of deception techniques. In current deployments of cyber deception, the network infrastructure between the defender and attacker comprises the defence/attack surface. For cyber deception tools and techniques to evolve further they must address the wider attack surface; from the network through to the physical and cognitive space. One way of achieving this is by fusing deception techniques from the physical and cognitive space with the technology development process. In this paper we trial design thinking as a way of delivering this fused approach. We detail the results from a design thinking workshop conducted using deception experts from different fields. The workshop outputs include a critical analysis of design provocations for cyber deception and a journey map detailing considerations for operationalising cyber deception scenarios that fuse deception techniques from other contexts. We conclude with recommendations for future research.

Introduction to the Minitrack on Cyber Deception and Cyber Psychology for Defense (2021-01-05)
Bishop, Matt; Wang, Cliff; Ferguson-Walter, Kimberly; Fugate, Sunny