Cyber Deception Triangle
It is sufficient for an attacker to find one path to the goal; the defender must secure all paths to guarantee security. Unlike kinetic warfare, adversaries have the freedom to plan and launch attacks while victims can only defend, because in cyberspace it is often infeasible for defenders to identify and strike back at the attackers. Defense-by-deception can be a very effective mechanism for reversing this asymmetry. It allows defenders not only to mislead attackers but also to deplete their resources in a systematic manner. However, developing dynamic decision-making engines for defense-by-deception is extremely challenging, because a successful deception requires dynamic and adaptive strategies that account for who the adversary is (attribution) and what she does.
This project will investigate a formal framework (based on satisfaction games) for generating correct-by-construction cyber deception plans that consider the main required components:
(1) Attribution, to predict attacker information; (2) Temptation, to keep the adversary highly attracted to pursuing her goals; and (3) Expectation, to guarantee that the system looks normal even while deception actions are taken. We plan to develop a case study that proactively deceives remote fingerprinting attackers without causing significant performance degradation to benign clients. The goal of the framework is to ensure both target misidentification by remote fingerprinters and attacker resource depletion, the latter by maximizing the number of probes required to identify a target. The proposed framework may also defend against other attacks such as DDoS.
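As an added illustration (not code from the project described here), the following Python toy model shows the three components at work against an adaptive remote fingerprinter. The signature table, probe names and values are constructed for this example and do not reproduce any real fingerprinting database; the attacker model (eliminate every signature inconsistent with an answer, always send the most discriminating remaining probe) is an assumption. The defender keeps its own model of the attacker's candidate set (attribution), answers each probe only with a value that some real signature would produce so the host still looks normal (expectation), and among those values picks the one that keeps the largest hypothesis set alive and steers it away from the true OS (temptation). Against a host that a truthful responder reveals in one probe, the deceptive responder forces four probes and a wrong verdict.

```python
"""Toy model of defense-by-deception against an adaptive remote fingerprinter.

Hypothetical example, not the project's own code. The signature table, probe
names and values below are constructed for illustration only and do not
reproduce any real fingerprinting database.
"""
from collections import defaultdict

# Constructed signature table: OS label -> {probe: value the OS would return}.
SIGNATURES = {
    "os_A": {"ttl": 255, "win": 65535, "df": 1, "ts": 1, "mss": 1460},
    "os_B": {"ttl": 64,  "win": 65535, "df": 1, "ts": 1, "mss": 1380},
    "os_C": {"ttl": 64,  "win": 29200, "df": 1, "ts": 1, "mss": 1460},
    "os_D": {"ttl": 64,  "win": 65535, "df": 1, "ts": 0, "mss": 1460},
    "os_E": {"ttl": 64,  "win": 65535, "df": 0, "ts": 1, "mss": 1460},
    "os_F": {"ttl": 128, "win": 65535, "df": 1, "ts": 0, "mss": 1460},
    "os_G": {"ttl": 128, "win": 8192,  "df": 0, "ts": 1, "mss": 1380},
    "os_H": {"ttl": 128, "win": 8192,  "df": 0, "ts": 0, "mss": 1460},
}
# Probe names; list order is also the attacker's tie-break order.
PROBES = ["ttl", "win", "df", "ts", "mss"]


def buckets(candidates, probe):
    """Group candidate OSes by the value each would return for `probe`."""
    groups = defaultdict(set)
    for os_name in candidates:
        groups[SIGNATURES[os_name][probe]].add(os_name)
    return groups


def choose_probe(candidates, unused):
    """Attacker policy (assumed): send the probe whose worst-case answer
    leaves the fewest candidates, breaking ties by PROBES order."""
    return min(unused, key=lambda p: (
        max(len(g) for g in buckets(candidates, p).values()), PROBES.index(p)))


def fingerprint(respond, max_probes=len(PROBES)):
    """Attacker loop: probe adaptively, drop every signature inconsistent with
    the answer, stop at one candidate. Returns (verdict or None, probes sent)."""
    candidates = set(SIGNATURES)
    unused = list(PROBES)
    sent = 0
    while len(candidates) > 1 and unused and sent < max_probes:
        probe = choose_probe(candidates, unused)
        unused.remove(probe)
        answer = respond(probe)
        sent += 1
        candidates = {o for o in candidates if SIGNATURES[o][probe] == answer}
    verdict = next(iter(candidates)) if len(candidates) == 1 else None
    return verdict, sent


def truthful_responder(true_os):
    """Baseline: the real stack answers every probe honestly."""
    return lambda probe: SIGNATURES[true_os][probe]


class DeceptiveResponder:
    """Defender implementing the three components of the deception triangle."""

    def __init__(self, true_os):
        self.true_os = true_os
        # Attribution: the defender's own model of what the attacker still
        # considers possible. It assumes the attacker uses the same table and
        # the same elimination rule; a wrong assumption makes this drift.
        self.belief = set(SIGNATURES)

    def respond(self, probe):
        groups = buckets(self.belief, probe)
        # Expectation: every candidate answer is a value some real signature
        # produces, so the host never looks like an impossible stack.
        # Temptation: keep the largest consistent hypothesis set alive (the
        # attacker always sees progress and keeps probing) and, on ties,
        # prefer a set that excludes the true OS. Iteration order is fixed so
        # the result is deterministic.
        value = max(sorted(groups, key=str),
                    key=lambda v: (len(groups[v]), self.true_os not in groups[v]))
        self.belief = groups[value]   # the attacker will infer exactly this set
        return value


def compare(true_os):
    """Run the same attacker against an honest host and a deceptive one."""
    honest = fingerprint(truthful_responder(true_os))
    deceived = fingerprint(DeceptiveResponder(true_os).respond)
    return {"truthful": honest, "deceptive": deceived}


if __name__ == "__main__":
    print(compare("os_A"))
```

Two things are worth noting about the design. First, the gain comes entirely from the defender modelling the attacker's belief: a responder that merely impersonates a fixed decoy OS causes misidentification but is fingerprinted just as quickly as an honest host, whereas steering the attacker's candidate set stretches the exchange towards the probe budget. Second, if the budget runs out with more than one candidate left, `fingerprint` returns `None` rather than a guess, which is the resource-depletion outcome the project aims for.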