Cyber Deception and Cyberpsychology for Defense

Permanent URI for this collection


Recent Submissions

Now showing 1 - 5 of 5
  • Item
    Introduction to the Minitrack on Cyber Deception and Cyberpsychology for Defense
    ( 2023-01-03) Ferguson-Walter, Kimberly ; Fugate, Sunny ; Wang, Cliff ; Bishop, Matt
  • Item
    Accounting for Uncertainty in Deceptive Signaling for Cybersecurity
    ( 2023-01-03) Cranford, Edward ; Ou, Han-Ching ; Gonzalez, Cleotilde ; Tambe, Milind ; Lebiere, Christian
    Deceptive signaling has proven an effective method that can aid security analysists and deter attacks on unprotected targets by strategically revealing information to an attacker. However, recent research has shown that uncertainty in real-time information processing can have a negative impact on the effectiveness of the defense algorithm. The current research developed a new algorithm, dubbed Confusion Signaling, that aims to account for uncertainty in an abstracted insider attack scenario. The results of cognitive model simulations and a human behavioral experiment reveal interesting and unexpected reactions under uncertainty. We discuss the implications of these findings for signaling algorithms that aim to account for uncertainty using deceptive signaling for cybersecurity.
  • Item
    Deceptive Self-Attack for Cyber-Defense
    ( 2023-01-03) Chandler, Jared ; Wick, Adam
    The asymmetry between cyber-defense and cyber-offense is well-known; defenders must perfectly protect their systems, while attackers need only find one flaw. Defensive cyber-deception has been proposed as a way to mitigate this problem, by using various techniques designed to require attackers to defend themselves from misdirection, false data, and counter-attack. In this paper, we propose a new cyber-deception technique: deceptive self-attack (DSA). DSA modifies network and systems to give the appearance that an unknown third party is also at work attacking the same systems. It is our contention that the presence of this (deceptive) adversary pressures real adversaries in novel ways useful to cyber-defense; and discuss these effects. As a study in DSA, we present and evaluate SoundTheAlarm, a SMT-solver based system for generating deceptive self-attack network traffic. SoundTheAlarm uses public attack signatures from the Suricata intrusion detection system to automatically generate network traffic consistent with a particular cyber-attack signature.
  • Item
    Emotional State Classification and Related Behaviors Among Cyber Attackers
    ( 2023-01-03) Gabrys, Ryan ; Venkatesh, Anu ; Silva, Daniel ; Bilinski, Mark ; Major, Maxine ; Mauger, Justin ; Muhleman, Daniel ; Ferguson-Walter, Kimberly
    Cyber deception is a strategy that defenders can leverage to gain an advantage over cyber attackers. The effects of deception on the attacker however, are not yet well understood. Quantifying the tangible and emotional effects of deception on the attacker’s performance, beliefs, and emotional state are critical to deploying effective, targeted cyber deception. Our work uses data from a human-subjects experiment measuring the impact of cyber and psychological deception on over 100 professional red-teamers. These results demonstrate that an attacker’s cognitive and emotional state can often be inferred from data already observed and collected by cyber defenders world-wide. Future work will leverage this observed data-set to formulate more informed defensive strategies.
  • Item
    A Cyber-War Between Bots: Human-Like Attackers are More Challenging for Defenders than Deterministic Attackers
    ( 2023-01-03) Du, Yinuo ; Prebot, Baptiste ; Xi, Xiaoli ; Gonzalez, Cleotilde
    Adversary emulation is commonly used to test cyber defense performance against known threats to organizations. However, designing attack strategies is an expensive and unreliable manual process, based on subjective evaluation of the state of a network. In this paper, we propose the design of adversarial human-like cognitive models that are dynamic, adaptable, and have the ability to learn from experience. A cognitive model is built according to the theoretical principles of Instance-Based Learning Theory (IBLT) of experiential choice in dynamic tasks. In a simulation experiment, we compared the predictions of an IBL attacker with a carefully designed efficient but deterministic attacker attempting to access an operational server in a network. The results suggest that an IBL cognitive model that emulates human behavior can be a more challenging adversary for defenders than the carefully crafted optimal attack strategies. These insights can be used to inform future adversary emulation efforts and cyber defender training.