Effective Cyber Deception

Cyber deception may be an effective solution to exposing and defeating malicious users of information systems. Malicious users of an information system include cyber intruders, advanced persistent threats, and malicious insiders. Once such users gain unobstructed access to, and use of, the protected information system, it is difficult to distinguish between legitimate and illegitimate users.

[1]  Matt Bishop,et al.  Inconsistency in deception for defense , 2006, NSPW '06.

[2]  N. Rowe A Taxonomy of Deception in Cyberspace , 2006 .

[3]  Fahim H. Abbasi,et al.  Experiences with a Generation III virtual Honeynet , 2009, 2009 Australasian Telecommunication Networks and Applications Conference (ATNAC).

[4]  H. Raghav Rao,et al.  Security protection design for deception and real system regimes: A model and analysis , 2010, Eur. J. Oper. Res..

[5]  W. Tirenin,et al.  A concept for strategic cyber defense , 1999, MILCOM 1999. IEEE Military Communications. Conference Proceedings (Cat. No.99CH36341).

[6]  Mladen A. Vouk,et al.  Defensive computer-security deception operations: processes, principles and techniques , 2006 .

[7]  Salvatore J. Stolfo,et al.  Baiting Inside Attackers Using Decoy Documents , 2009, SecureComm.

[8]  Henry L. Owen,et al.  The use of Honeynets to detect exploited systems across large enterprise networks , 2003, IEEE Systems, Man and Cybernetics SocietyInformation Assurance Workshop, 2003..

[9]  L. Spitzner,et al.  Honeypots: Tracking Hackers , 2002 .

[10]  Dorothy E. Denning,et al.  Using Deception to Hide Things from Hackers: Processes, Principles, and Techniques , 2006 .

[11]  Salvatore J. Stolfo,et al.  Automating the injection of believable decoys to detect snooping , 2010, WiSec '10.

[12]  Kevin Borders,et al.  OpenFire: Using deception to reduce network attacks , 2007, 2007 Third International Conference on Security and Privacy in Communications Networks and the Workshops - SecureComm 2007.

[13]  James Bret Michael,et al.  Lawful Cyber Decoy Policy , 2003, SEC.

[14]  Neil C. Rowe,et al.  Experiments with a Testbed for Automated Defensive Deception Planning for Cyber-Attacks , 2007 .