Cyber Deception for Defense


Recent Submissions

  • Item
    Concealing Cyber-Decoys using Two-Sided Feature Deception Games
    (2020-01-07) Miah, Mohammad Sujan; Gutierrez, Marcus; Veliz, Oscar; Thakoor, Omkar; Kiekintveld, Christopher
    An increasingly important tool for securing computer networks is the use of deceptive decoy objects (e.g., fake hosts, accounts, or files) to detect, confuse, and distract attackers. One of the well-known challenges in using decoys is that it can be difficult to design effective decoys that are hard to distinguish from real objects, especially against sophisticated attackers who may be aware of the use of decoys. A key issue is that both real and decoy objects may have observable features that may give the attacker the ability to distinguish one from the other. However, a defender deploying decoys may be able to modify some features of either the real or decoy objects (at some cost) making the decoys more effective. We present a game-theoretic model of two-sided deception that models this scenario. We present an empirical analysis of this model to show strategies for effectively concealing decoys, as well as some limitations of decoys for cyber security.
  • Item
    Automating Cyberdeception Evaluation with Deep Learning
    (2020-01-07) Ayoade, Gbadebo; Araujo, Frederico; Al-Naami, Khaled; Mustafa, Ahmad; Gao, Yang; Hamlen, Kevin; Khan, Latifur
    A machine learning-based methodology is proposed and implemented for conducting evaluations of cyberdeceptive defenses with minimal human involvement. This avoids impediments associated with deceptive research on humans, maximizing the efficacy of automated evaluation before human subjects research must be undertaken. Leveraging recent advances in deep learning, the approach synthesizes realistic, interactive, and adaptive traffic for consumption by target web services. A case study applies the approach to evaluate an intrusion detection system equipped with application-layer embedded deceptive responses to attacks. Results demonstrate that synthesizing adaptive web traffic laced with evasive attacks powered by ensemble learning, online adaptive metric learning, and novel class detection to simulate skillful adversaries constitutes a challenging and aggressive test of cyberdeceptive defenses.
  • Item
    A Deception Planning Framework for Cyber Defense
    (2020-01-07) Jafarian, Jafar Haadi; Niakanlahiji, Amirreza
    The role and significance of deception systems such as honeypots for slowing down attacks and collecting their signatures are well-known. However, the focus has primarily been on developing individual deception systems, and very few works have focused on developing strategies for a synergistic and strategic combination of these systems to achieve more ambitious deception goals. The objective of this paper is to lay a scientific foundation for cyber deception planning, by (1) presenting a formal deception logic for modeling cyber deception, and (2) introducing a deception framework that augments this formal modeling with necessary quantitative reasoning tools to generate coordinated deception plans. To show expressiveness and evaluate effectiveness and overhead of the framework, we use it to model and solve two important deception planning problems: (1) strategic honeypot planning, and (2) deception planning against route identification. Through these case studies, we show that the generated deception plans are highly effective and outperform alternative random and unplanned deception strategies.
  • Item
    HoneyBug: Personalized Cyber Deception for Web Applications
    (2020-01-07) Niakanlahiji, Amirreza; Jafarian, Jafar Haadi; Chu, Bei-Tseng; Al-Shaer, Ehab
    Cyber deception is used to reverse cyber warfare asymmetry by diverting adversaries to false targets in order to avoid their attacks, consume their resources, and potentially learn new attack tactics. In practice, effective cyber deception systems must be both attractive, to offer temptation for engagement, and believable, to convince unknown attackers to stay on the course. However, developing such a system is a highly challenging task because attackers have different expectations, expertise levels, and objectives. This makes a deception system with a static configuration only suitable for a specific type of attackers. In order to attract diverse types of attackers and prolong their engagement, we need to dynamically characterize every individual attacker's interactions with the deception system to learn her sophistication level and objectives and personalize the deception system to match with her profile and interest. In this paper, we present an adaptive deception system, called HoneyBug, that dynamically creates a personalized deception plan for web applications to match the attacker's expectation, which is learned by analyzing her behavior over time. Each HoneyBug plan exhibits fake vulnerabilities specifically selected based on the learned attacker's profile. Through evaluation, we show that HoneyBug characterization model can accurately characterize the attacker profile after observing only a few interactions and adapt its cyber deception plan accordingly. The HoneyBug characterization is built on top of a novel and generic evidential reasoning framework for attacker profiling, which is one of the focal contributions of this work.
  • Item
    Adaptive Cyber Deception: Cognitively Informed Signaling for Cyber Defense
    (2020-01-07) Cranford, Edward; Gonzalez, Cleotilde; Aggarwal, Palvi; Cooney, Sarah; Tambe, Milind; Lebiere, Christian
    This paper improves upon recent game-theoretic deceptive signaling schemes for cyber defense using the insights emerging from a cognitive model of human cognition. One particular defense allocation algorithm that uses a deceptive signaling scheme is the peSSE (Xu et al., 2015). However, this static signaling scheme optimizes the rate of deception for perfectly rational adversaries and is not personalized to individuals. Here we advance this research by developing a dynamic and personalized signaling scheme using cognitive modeling. A cognitive model based on a theory of experiential-choice (Instance-Based Learning Theory; IBLT), implemented in a cognitive architecture (Adaptive Control of Thought – Rational; ACT-R), and validated using human experimentation with deceptive signals informs the development of a cognitive signaling scheme. The predictions of the cognitive model show that the proposed solution increases the compliance to deceptive signals beyond the peSSE. These predictions were verified in human experiments, and the results shed additional light on human reactions towards adaptive deceptive signals.