
Effective Cyber Deception

Chapter in: Cyber Deception

Abstract

Cyber deception may be an effective way to expose and defeat malicious users of information systems. Malicious users of an information system include cyber intruders, advanced persistent threats, and malicious insiders. Once such users have gained unobstructed access to, and use of, the protected information system, it is difficult to distinguish legitimate users from illegitimate ones.

We view cyber deception as comprising two broad categories: active deception and passive deception. Active deception proactively applies strategies and actions in response to the presence of malicious users of an information system. Actions of a malicious user are anticipated before they are executed, and counteractions are planned and taken to prevent their successful completion or to misinform the user. Active deception may employ decoy systems and infrastructure to deceive malicious users, and it sometimes assumes that a malicious user has already been detected, and possibly confirmed, by sensing systems.

Passive deception employs decoy systems and infrastructure to detect reconnaissance and to expose malicious users of an information system. Decoy systems and services are established within the protected boundary of the information system. Because no legitimate workflow has a reason to use them, interactions with decoy systems and services may be considered suspicious, if not conclusively malicious. Since reconnaissance and exploration of the information system are the first steps in attacking it, detecting reconnaissance enables an active defense system to identify a malicious user quickly and take action. Like active deception, passive deception can feed misinformation to the malicious reconnaissance. We argue that effective cyber deception includes both active and passive techniques.
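One way to turn the passive half of this into detection logic, as an added example that is not code from the chapter: a decoy inventory placed inside the protected address space, a scorer that reads connection-log lines, flags any source that touches a decoy and grades a sweep across several decoys as reconnaissance, and the fabricated banner a decoy hands back as misinformation. The addresses, ports, banners, log format and log lines are all constructed for the example.

```python
"""Passive deception as detection logic.

Decoy endpoints live inside the protected network but serve no legitimate
workflow, so any contact with one is treated as reconnaissance; the source is
flagged and the decoy answers with misinformation.  Constructed illustration;
all addresses, ports, banners and log lines below are hypothetical.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

Endpoint = Tuple[str, int]

# Hypothetical decoy inventory: (address, port) pairs that exist only to be probed.
DECOYS: Set[Endpoint] = {
    ("10.0.5.20", 22),    # decoy SSH host
    ("10.0.5.20", 445),   # decoy SMB share
    ("10.0.5.21", 3306),  # decoy database
    ("10.0.5.22", 80),    # decoy intranet web application
}
# Hypothetical production services, so legitimate traffic can be scored as benign.
PRODUCTION: Set[Endpoint] = {("10.0.1.10", 443), ("10.0.1.11", 22)}

# Misinformation returned by the decoys: fictitious, deliberately dated banners
# that invite the adversary to spend effort on a system that does not matter.
DECOY_BANNERS: Dict[int, str] = {
    22: "SSH-2.0-OpenSSH_5.3",
    445: "Windows Server 2008 R2 Standard 7601 Service Pack 1",
    3306: "5.1.73-community",
    80: "Apache/2.2.15 (CentOS)",
}


@dataclass
class SourceVerdict:
    src: str
    decoys_touched: Set[Endpoint] = field(default_factory=set)
    production_touched: Set[Endpoint] = field(default_factory=set)
    first_decoy_hit: Optional[str] = None   # timestamp of the earliest decoy contact

    @property
    def verdict(self) -> str:
        # One decoy contact is suspicious; several decoys, or decoys on more than
        # one host, look like a sweep and are scored as reconnaissance.
        n = len(self.decoys_touched)
        hosts = {addr for addr, _ in self.decoys_touched}
        if n == 0:
            return "benign"
        if n >= 3 or len(hosts) >= 2:
            return "reconnaissance"
        return "suspicious"


def parse_line(line: str) -> Tuple[str, str, str, int]:
    """Parse the constructed log format '<ts> src=<ip> dst=<ip> dport=<n> action=<a>'."""
    ts, *tokens = line.split()
    fields = dict(tok.split("=", 1) for tok in tokens)
    return ts, fields["src"], fields["dst"], int(fields["dport"])


def analyse(log_lines: List[str]) -> Dict[str, SourceVerdict]:
    """Score every source address by which decoy and production endpoints it touched."""
    verdicts: Dict[str, SourceVerdict] = {}
    for line in log_lines:
        ts, src, dst, dport = parse_line(line)
        v = verdicts.setdefault(src, SourceVerdict(src))
        if (dst, dport) in DECOYS:
            v.decoys_touched.add((dst, dport))
            if v.first_decoy_hit is None:
                v.first_decoy_hit = ts
        elif (dst, dport) in PRODUCTION:
            v.production_touched.add((dst, dport))
    return verdicts


def decoy_response(dst: str, dport: int) -> Optional[str]:
    """Banner a decoy hands back to a prober; None when the endpoint is not a decoy."""
    if (dst, dport) not in DECOYS:
        return None
    return DECOY_BANNERS[dport]


def alerts(verdicts: Dict[str, SourceVerdict]) -> List[Tuple[str, str, str]]:
    """(src, verdict, first decoy hit) for every source that touched a decoy, earliest first."""
    hits = [(v.first_decoy_hit, v.src, v.verdict) for v in verdicts.values() if v.first_decoy_hit]
    return [(src, verdict, ts) for ts, src, verdict in sorted(hits)]


# Constructed connection log: an administrator, a scanner sweeping the decoy
# range before it reaches production, and an insider poking at one decoy share.
SAMPLE_LOG = [
    "2016-03-01T09:58:10 src=10.0.2.5 dst=10.0.1.11 dport=22 action=connect",
    "2016-03-01T09:58:42 src=10.0.2.5 dst=10.0.1.10 dport=443 action=connect",
    "2016-03-01T10:00:01 src=10.0.9.7 dst=10.0.5.20 dport=22 action=connect",
    "2016-03-01T10:00:02 src=10.0.9.7 dst=10.0.5.20 dport=445 action=connect",
    "2016-03-01T10:00:03 src=10.0.9.7 dst=10.0.5.21 dport=3306 action=connect",
    "2016-03-01T10:00:09 src=10.0.9.7 dst=10.0.1.10 dport=443 action=connect",
    "2016-03-01T10:12:30 src=10.0.2.8 dst=10.0.5.20 dport=445 action=connect",
]

if __name__ == "__main__":
    for src, verdict, ts in alerts(analyse(SAMPLE_LOG)):
        print(f"{ts} {src}: {verdict}")
```

Two practical caveats the scorer relies on. First, the "any contact is suspicious" rule only holds if the decoys really are outside every legitimate workflow, so asset-discovery and vulnerability scanners run by the defender must be allow-listed or they become the noisiest alert source. Second, the banner a decoy returns must match how the decoy then behaves; a banner that advertises one service in front of a listener that behaves like another is itself a tell that exposes the deception.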


Notes

  1. See the Wikipedia entry for “sleight of hand” at http://en.wikipedia.org/wiki/Sleight_of_hand.

  2. For a fun explanation of sleight of hand techniques, see the video by illusionists Penn and Teller at http://www.youtube.com/watch?v=oXGr76CfoCs.

  3. For the defender to have complete knowledge would require an impractical number and placement of sensors and actuators spread throughout the end node.


Acknowledgments

The author would like to acknowledge the U.S. Air Force Research Laboratory Small Business Innovation Research program for partially funding this work under contracts AFRL-RY-WP-TR-2010-1170 and AFRL-RY-WP-TR-2013-0014. Additional research and development has been funded by Sentar, Inc.

Corresponding author: A. J. Underbrink.


Copyright information

© 2016 Springer International Publishing Switzerland

About this chapter

Cite this chapter

Underbrink, A.J. (2016). Effective Cyber Deception. In: Jajodia, S., Subrahmanian, V., Swarup, V., Wang, C. (eds) Cyber Deception. Springer, Cham. https://doi.org/10.1007/978-3-319-32699-3_6


  • DOI: https://doi.org/10.1007/978-3-319-32699-3_6

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-32697-9

  • Online ISBN: 978-3-319-32699-3
