Planning and Integrating Deception into Computer Security Defenses

Deceptive techniques have played a prominent role in many human conflicts throughout history. Digital conflicts are no different: deception has been used in computing since at least the 1980s. However, many computer defenses that use deception have been ad hoc attempts to incorporate deceptive elements. In this paper, we present a model that can be used to plan and integrate deception into computer security defenses. We give an overview of the fundamental reasons why deception works and the essential principles involved in using such techniques. We examine the unique advantages that deception-based mechanisms bring to traditional computer security defenses. Furthermore, we show how our model can be used to incorporate deception in many parts of a computer system and discuss how such techniques can be used effectively. A successful deception should present plausible alternative(s) to the truth, designed to exploit specific adversaries' biases. We investigate these biases and discuss how they can be used, presenting a number of examples.
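As an added illustration of "plausible alternatives to the truth" (example code written for this page; it is not from the paper and does not implement the paper's model), the following Python sketch follows the honeywords idea of Juels and Rivest: each account stores k sweetwords, one real password and k-1 decoys shaped like it, and a separately held index says which one is real. An attacker who steals and cracks the password file cannot tell the real password from the decoys, and any login with a decoy exposes the compromise. The class and function names, the chaffing-by-tweaking rule, and the two sample accounts are all constructed for the example.

```python
"""Honeywords sketch: decoy passwords that are as plausible as the real one.

Example code for illustration only. The 'honeychecker' index must live on a
separate, hardened system in a real deployment; here it is a dict in the
same process so the example runs stand-alone.
"""
import hashlib
import hmac
import os
import random
import string

# Constructed sample accounts for the example (not real credentials).
SAMPLE_USERS = {"alice": "Summer2019!", "bob": "p4ssw0rd#7"}

PUNCT_POOL = "!@#$%&*?"


def _hash(password: str, salt: bytes) -> bytes:
    # PBKDF2 so the stored sweetwords are not trivially reversible.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000)


def tweak(password: str, rng: random.Random) -> str:
    """Chaffing-by-tweaking: change the digits and symbols of the real
    password so the decoy keeps its shape and is therefore equally plausible.
    Every chosen position is replaced by a different character, so the result
    always differs from the input."""
    chars = list(password)
    positions = [i for i, c in enumerate(chars)
                 if c.isdigit() or c in string.punctuation]
    if not positions:                      # e.g. all-letter passwords
        positions = [len(chars) - 1]
    for i in positions:
        c = chars[i]
        if c.isdigit():
            pool = string.digits
        elif c in string.punctuation:
            pool = PUNCT_POOL
        else:
            pool = string.ascii_letters
        chars[i] = rng.choice([x for x in pool if x != c])
    return "".join(chars)


def make_sweetwords(password: str, k: int, rng: random.Random) -> list:
    """Return k distinct sweetwords (k-1 decoys plus the real one), shuffled."""
    decoys = set()
    while len(decoys) < k - 1:
        decoys.add(tweak(password, rng))
    words = list(decoys) + [password]
    rng.shuffle(words)
    return words


class HoneywordStore:
    def __init__(self, k: int = 5, seed=None):
        self.k = k
        self.rng = random.Random(seed)
        self.password_file = {}   # user -> (salt, [k hashes]); what a thief steals
        self.honeychecker = {}    # user -> index of the real sweetword; kept apart
        self.alarms = []          # (user, index) for every decoy that was used

    def register(self, user: str, password: str) -> list:
        """Store k hashed sweetwords; return the plaintext list, which is what
        an attacker who cracks the stolen file would recover."""
        salt = os.urandom(16)
        words = make_sweetwords(password, self.k, self.rng)
        self.password_file[user] = (salt, [_hash(w, salt) for w in words])
        self.honeychecker[user] = words.index(password)
        return words

    def login(self, user: str, attempt: str) -> str:
        """'ok' for the real password, 'honeyword' (and an alarm) for a decoy,
        'fail' for anything else or an unknown user."""
        if user not in self.password_file:
            return "fail"
        salt, hashes = self.password_file[user]
        h = _hash(attempt, salt)
        for i, stored in enumerate(hashes):
            if hmac.compare_digest(h, stored):
                if i == self.honeychecker[user]:
                    return "ok"
                self.alarms.append((user, i))   # breach detected
                return "honeyword"
        return "fail"


if __name__ == "__main__":
    store = HoneywordStore(k=5, seed=1)
    for user, pw in SAMPLE_USERS.items():
        cracked = store.register(user, pw)
        print(user, "sweetwords as an attacker would see them:", cracked)
    # An attacker picking uniformly from the k cracked words triggers an alarm
    # with probability (k-1)/k on the first try.
    print(store.login("alice", SAMPLE_USERS["alice"]), store.alarms)
```

The decoys only work if they are indistinguishable from the real password to the adversary; a tweaking rule that leaves an obvious tell (for example, decoys that never contain the user's birth year while the real one does) hands the attacker the bias to exploit instead of the other way round.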
