Planning Cyberspace Deception

With so many possible ways to deceive, we can be more effective if we plan systematically. Several methods, ranging from informal to formal, can be used to plan deceptions. Planning can be either strategic, broad in scope (Heckman et al. 2015), or tactical, focused in scope. We will focus on the latter here.

12.1  Cost-Benefit Analysis of Deception

We can decide if a deception in general is cost-effective by calculating its costs versus benefits. This can be used to analyze both whether we should deceive and what the attacker is likely to do. For this we can use ideas from “decision theory” and “game theory” (Osborne 2003), two branches of applied mathematics that analyze decision-making and competitive situations respectively. They can be used to recommend how decisions should be made, and how conflicts should be resolved for maximum benefit to one or both parties.

© Springer International Publishing Switzerland 2016. N.C. Rowe, J. Rrushi, Introduction to Cyberdeception, DOI 10.1007/978-3-319-41187-3_12


We will show some examples below of this cost-benefit analysis. Much more can be made of this approach using decision theory (Greenberg 1982; Liu et al. 2005) and game theory (Garg and Grosu 2007; Chou and Zhou 2012). Games involve multiple moves and we can anticipate sequences of measure-countermeasure ploys with them. Specialized analysis can be done for deception in network communications (Alexander and Smith 2011; Chen et al. 2013). Some of this is occurring already with honeypots, as attackers try to discover them and defenders try to conceal themselves from new discovery techniques (McCarty 2003).

12.1.1  Analysis of a Single Defensive Deception

The most basic defensive case is the choice as to whether we should perform a single deception, like giving a false excuse to a user, to get them to leave our system (Rowe 2007). Here we have the choice to either deceive or not deceive, and the user can be either malicious or nonmalicious (legitimate). Based on our deception, the user may choose to log out with a certain probability. We need the following parameters:

  • Let c_m be the cost of allowing a malicious user onto the system. This could include the cost of repairing damage they cause (like reinstalling the operating system if necessary) and steps to prevent them from attacking us again. This will be a positive number.
  • Let c_l be the cost of hurting a nonmalicious user by our deception, by for instance causing them to waste time or log out. This will be a positive number too since it hurts us to hurt nonmalicious users. But it should usually be significantly smaller than c_m since attacks can have catastrophic effects on a system.
  • Let p_m be the probability of a malicious user. Initially, this will be the fraction of the time a random user on the system is malicious, a small number except on honeypots. But if we accumulate more evidence that a user is suspicious using the techniques of Chap. 11, we will increase this probability.
  •