Abstract
Deception, an art of making someone believe in something that is not true, may provide a promising real-time solution against cyber-attacks. In this paper, we propose a human-in-the-loop real-world simulation tool called HackIT, which could be configured to create different cyber-security scenarios involving deception. We discuss how researchers can use HackIT to create networks of different sizes; use deception and configure different webservers as honeypots; and, create any number of fictitious ports, services, fake operating systems, and fake files on honeypots. Next, we report a case-study involving HackIT where adversaries were tasked with stealing information from a simulated network over multiple rounds. In one condition in HackIT, deception occurred early; and, in the other condition, it occurred late. Results revealed that participants used different attack strategies across the two conditions. We discuss the potential of using HackIT in helping cyber-security teams understand adversarial cognition in the laboratory.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Whaley, B.: Toward a general theory of deception. J. Strateg. Stud. 5(1), 178–192 (1982)
Rowe, N.C., Custy, E.J.: Deception in cyber attacks. In: Cyber Warfare and Cyber Terrorism, pp. 91–96. IGI Global (2007)
Aggarwal, P., Gonzalez, C., Dutt, V.: Cyber-security: role of deception in cyber-attack detection. In: Advances in Human Factors in Cybersecurity, pp. 85–96. Springer, Cham (2016)
Aggarwal, P., Gonzalez, C., Dutt, V.: Looking from the hacker’s perspective: role of deceptive strategies in cyber security. In: 2016 International Conference On Cyber Situational Awareness, Data Analytics And Assessment (CyberSA), pp. 1–6. IEEE (2016)
Aggarwal, P., Gonzalez, C., Dutt, V.: Modeling the effects of amount and timing of deception in simulated network scenarios. In: 2017 International Conference On Cyber Situational Awareness, Data Analytics And Assessment (Cyber SA), pp. 1–7. IEEE (2017)
Aggarwal, P., Gonzalez, C., Dutt, V.: Hackit: a real-time simulation tool for studying real-world cyber-attacks in the laboratory. In: Handbook of Computer Networks and Cyber Security: Principles and Paradigms. CRC Press (in press)
Bye, R., Schmidt, S., Luther, K., Albayrak, S.: Application-level simulation for network security. In: Proceedings of the 1st international conference on Simulation Tools and Techniques for Communications, Networks and Systems & Workshops, p. 33. ICST (Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering) (2008)
Maqbool, Z., Makhijani, N., Pammi, V.C., Dutt, V.: Effects of motivation: rewarding hackers for undetected attacks cause analysts to perform poorly. Hum. Factors 59(3), 420–431 (2017)
Dutt, V., Ahn, Y.S., Gonzalez, C.: Cyber situation awareness: modeling detection of cyber-attacks with instance-based learning theory. Hum. Factors 55(3), 605–618 (2013)
Aggarwal, P., Maqbool, Z., Grover, A., Pammi, V. C., Singh, S., Dutt, V.: Cyber security: a game-theoretic analysis of defender and attacker strategies in defacing-website games. In: 2015 International Conference on Cyber Situational Awareness, Data Analytics and Assessment (CyberSA), pp. 1–8. IEEE. (2015)
Cymulate- Breach and Attack Simulation. https://cymulate.com. Accessed 15 Feb 2019
Issariyakul, T., Hossain, E.: Introduction to network simulator 2 (NS2). In: Introduction to Network Simulator NS2, pp. 1–18. Springer, Boston (2009)
Tambe, M.: Security and Game Theory: Algorithms, Deployed Systems, Lessons Learned. Cambridge University Press, Cambridge (2011)
Achleitner, S., La Porta, T.F., McDaniel, P., Sugrim, S., Krishnamurthy, S.V., Chadha, R.: Deceiving network reconnaissance using SDN-based virtual topologies. IEEE Trans. Netw. Serv. Manag. 14(4), 1098–1112 (2017)
Acknowledgments
Research was partially sponsored by the Army Research Laboratory and was accomplished under Cooperative Agreement Number W911NF-13-2-0045 (ARL Cyber Security CRA). The views and conclusions contained in this document are those of the authors and should not be interpreted as representing the official policies, either expressed or implied, of the Army Research Laboratory or the U.S. Government. The U.S. Government is authorized to reproduce and distribute reprints for Government purposes notwithstanding any copyright notation here on. This research was also supported by the ICPS DST grant (T-533) from the Indian Government to Dr. Varun Dutt.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Aggarwal, P., Gautam, A., Agarwal, V., Gonzalez, C., Dutt, V. (2020). HackIT: A Human-in-the-Loop Simulation Tool for Realistic Cyber Deception Experiments. In: Ahram, T., Karwowski, W. (eds) Advances in Human Factors in Cybersecurity. AHFE 2019. Advances in Intelligent Systems and Computing, vol 960. Springer, Cham. https://doi.org/10.1007/978-3-030-20488-4_11
Download citation
DOI: https://doi.org/10.1007/978-3-030-20488-4_11
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-20487-7
Online ISBN: 978-3-030-20488-4
eBook Packages: EngineeringEngineering (R0)