Abstract
Our physical and digital worlds are converging at a rapid pace, putting a lot of our valuable information in digital formats. Currently, most computer systems’ predictable responses provide attackers with valuable information on how to infiltrate them. In this chapter, we discuss how the use of deception can play a prominent role in enhancing the security of current computer systems. We show how deceptive techniques have been used in many successful computer breaches. Phishing, social engineering, and drive-by-downloads are some prime examples. We discuss why deception has only been used haphazardly in computer security. Additionally, we discuss some of the unique advantages deception-based security mechanisms bring to computer security. Finally, we present a framework where deception can be planned and integrated into computer defenses.
Notes
This term is widely used to refer to enterprises’ employees bringing their own digital devices and using them to access the companies’ resources.
References
Verizon, “Threats on the Horizon – The Rise of the Advanced Persistent Threat.” http://www.verizonenterprise.com/DBIR/.
J. J. Yuill, Defensive Computer-Security Deception Operations: Processes, Principles and Techniques. PhD Dissertation, North Carolina State University, 2006.
B. Cheswick, “An Evening with Berferd in Which a Cracker is Lured, Endured, and Studied,” in Proceedings of Winter USENIX Conference, (San Francisco), 1992.
C. P. Stoll, The Cuckoo’s Egg: Tracing a Spy Through the Maze of Computer Espionage. Doubleday, 1989.
E. H. Spafford, “More than Passive Defense.” http://goo.gl/5lwZup, 2011.
L. Spitzner, Honeypots: Tracking Hackers. Addison-Wesley Reading, 2003.
G. H. Kim and E. H. Spafford, “Experiences with Tripwire: Using Integrity Checkers for Intrusion Detection,” tech. rep., Department of Computer, Purdue University, West Lafayette, IN, 1994.
D. Dagon, X. Qin, G. Gu, W. Lee, J. Grizzard, J. Levine, and H. Owen, “Honeystat: Local Worm Detection Using Honeypots,” in Recent Advances in Intrusion Detection, pp. 39–58, Springer, 2004.
C. Fiedler, “Secure Your Database by Building HoneyPot Architecture Using a SQL Database Firewall.” http://goo.gl/yr55Cp.
C. Mulliner, S. Liebergeld, and M. Lange, “Poster: Honeydroid-Creating a Smartphone Honeypot,” in IEEE Symposium on Security and Privacy, 2011.
M. Wählisch, A. Vorbach, C. Keil, J. Schönfelder, T. C. Schmidt, and J. H. Schiller, “Design, Implementation, and Operation of a Mobile Honeypot,” tech. rep., Cornell University Library, 2013.
C. Seifert, I. Welch, and P. Komisarczuk, “Honeyc: The Low Interaction Client Honeypot,” Proceedings of the 2007 NZCSRCS, 2007.
K. G. Anagnostakis, S. Sidiroglou, P. Akritidis, K. Xinidis, E. Markatos, and A. D. Keromytis, “Detecting Targeted Attacks Using Shadow Honeypots,” in Proceedings of the 14th USENIX Security Symposium, 2005.
D. Moore, V. Paxson, S. Savage, C. Shannon, S. Staniford, and N. Weaver, “Inside the Slammer Worm,” IEEE Security & Privacy, vol. 1, no. 4, pp. 33–39, 2003.
T. Liston, “LaBrea: “Sticky” Honeypot and IDS.” http://labrea.sourceforge.net/labrea-info.html, 2009.
F. Cohen, “The Deception Toolkit.” http://www.all.net/dtk/, 1998.
N. Rowe, E. J. Custy, and B. T. Duong, “Defending Cyberspace with Fake Honeypots,” Journal of Computers, vol. 2, no. 2, pp. 25–36, 2007.
T. Holz and F. Raynal, “Detecting Honeypots and Other Suspicious Environments,” in Information Assurance Workshop, pp. 29–36, IEEE, 2005.
C. Kreibich and J. Crowcroft, “Honeycomb: Creating Intrusion Detection Signatures Using Honeypots,” ACM SIGCOMM Computer Communication Review, vol. 34, no. 1, pp. 51–56, 2004.
D. Moore, C. Shannon, D. J. Brown, G. M. Voelker, and S. Savage, “Inferring Internet Denial-of-Service Activity,” ACM Transactions on Computer Systems (TOCS), vol. 24, no. 2, pp. 115–139, 2006.
L. Spitzner, “Honeytokens: The Other Honeypot.” http://www.symantec.com/connect/articles/honeytokens-other-honeypot, 2003.
J. J. Yuill, M. Zappe, D. Denning, and F. Feer, “Honeyfiles: Deceptive Files for Intrusion Detection,” in Information Assurance Workshop, pp. 116–122, IEEE, 2004.
M. Bercovitch, M. Renford, L. Hasson, A. Shabtai, L. Rokach, and Y. Elovici, “HoneyGen: An Automated Honeytokens Generator,” in IEEE International Conference on Intelligence and Security Informatics (ISI’11), pp. 131–136, IEEE, 2011.
A. Juels and R. L. Rivest, “Honeywords: Making Password-Cracking Detectable,” in Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security, pp. 145–160, ACM, 2013.
X. Chen, J. Andersen, Z. M. Mao, M. Bailey, and J. Nazario, “Towards an Understanding of Anti-Virtualization and Anti-Debugging Behavior in Modern Malware,” in IEEE International Conference on Dependable Systems and Networks, pp. 177–186, IEEE, 2008.
M. Sourour, B. Adel, and A. Tarek, “Ensuring Security-In-Depth Based on Heterogeneous Network Security Technologies,” International Journal of Information Security, vol. 8, no. 4, pp. 233–246, 2009.
K. Heckman, “Active Cyber Network Defense with Denial and Deception.” http://goo.gl/Typwi4, Mar. 2013.
R. V. Jones, Reflections on Intelligence. London: William Heinemann Ltd, 1989.
M. H. Almeshekah, Using Deception to Enhance Security: A Taxonomy, Model and Novel Uses. PhD thesis, Purdue University, 2015.
M. Harkins, “A New Security Architecture to Improve Business Agility,” in Managing Risk and Information Security, pp. 87–102, Springer, 2013.
J. Boyd, “The Essence of Winning and Losing.” http://www.danford.net/boyd/essence.htm, 1995.
E. M. Hutchins, M. J. Cloppert, and R. M. Amin, “Intelligence-Driven Computer Network Defense Informed by Analysis of Adversary Campaigns and Intrusion Kill Chains,” Leading Issues in Information Warfare & Security Research, vol. 1, p. 80, 2011.
K. J. Higgins, “How Lockheed Martin’s ‘Kill Chain’ Stopped SecurID Attack.” http://goo.gl/r9ctmG, 2013.
F. Petitcolas, “La Cryptographie Militaire.” http://goo.gl/e5IOj1.
K. D. Mitnick and W. L. Simon, The Art of Deception: Controlling the Human Element of Security. Wiley, 2003.
P. Vogt, F. Nentwich, N. Jovanovic, E. Kirda, C. Kruegel, and G. Vigna, “Cross-Site Scripting Prevention with Dynamic Data Tainting and Static Analysis,” in The 2007 Network and Distributed System Security Symposium (NDSS’07), 2007.
A. Barth, C. Jackson, and J. C. Mitchell, “Robust Defenses for Cross-Site Request Forgery,” Proceedings of the 15th ACM Conference on Computer and Communications Security (CCS’08), 2008.
Open Web Application Security Project (OWASP), “OWASP Top 10.” http://owasptop10.googlecode.com/files/OWASPTop10-2013.pdf, 2013.
M. H. Almeshekah and E. H. Spafford, “Planning and Integrating Deception into Computer Security Defenses,” in New Security Paradigms Workshop (NSPW’14), (Victoria, BC, Canada), 2014.
J. B. Bell and B. Whaley, Cheating and Deception. Transaction Publishers New Brunswick, 1991.
M. Bennett and E. Waltz, Counterdeception Principles and Applications for National Security. Artech House, 2007.
J. R. Thompson, R. Hopf-Wichel, and R. E. Geiselman, “The Cognitive Bases of Intelligence Analysis,” tech. rep., US Army Research Institute for the Behavioral and Social Sciences, 1984.
R. Jervis, Deception and Misperception in International Politics. Princeton University Press, 1976.
G. Hofstede, G. Hofstede, and M. Minkov, Cultures and Organizations. McGraw-Hill, 3rd ed., 2010.
D. Gus and D. Dorner, “Cultural Difference in Dynamic Decision-Making Strategies in a Non-linear, Time-delayed Task,” Cognitive Systems Research, vol. 12, no. 3–4, pp. 365–376, 2011.
R. Godson and J. Wirtz, Strategic Denial and Deception. Transaction Publishers, 2002.
A. Tversky and D. Kahneman, “Judgment under Uncertainty: Heuristics and Biases,” Science, vol. 185, pp. 1124–31, Sept. 1974.
S. A. Sloman, “The Empirical Case for Two Systems of Reasoning,” Psychological Bulletin, vol. 119, no. 1, pp. 3–22, 1996.
A. Tversky and D. Koehler, “Support Theory: A Nonextensional Representation of Subjective Probability,” Psychological Review, vol. 101, no. 4, p. 547, 1994.
A. Tversky and D. Kahneman, “Extensional Versus Intuitive Reasoning: The Conjunction Fallacy in Probability Judgment,” Psychological Review, vol. 90, no. 4, pp. 293–315, 1983.
L. Zhao and M. Mannan, “Explicit Authentication Response Considered Harmful,” in New Security Paradigms Workshop (NSPW ’13), (New York, New York, USA), pp. 77–86, ACM Press, 2013.
R. S. Nickerson, “Confirmation Bias: A Ubiquitous Phenomenon in Many Guises,” Review of General Psychology, vol. 2, pp. 175–220, June 1998.
C. Sample, “Applicability of Cultural Markers in Computer Network Attacks,” in 12th European Conference on Information Warfare and Security, (University of Jyvaskyla, Finland), pp. 361–369, 2013.
S. B. Murphy, J. T. McDonald, and R. F. Mills, “An Application of Deception in Cyberspace: Operating System Obfuscation,” in Proceedings of the 5th International Conference on Information Warfare and Security (ICIW 2010), pp. 241–249, 2010.
W. Wang, J. Bickford, I. Murynets, R. Subbaraman, A. G. Forte, and G. Singaraju, “Detecting Targeted Attacks by Multilayer Deception,” Journal of Cyber Security and Mobility, vol. 2, no. 2, pp. 175–199, 2013.
X. Fu, On Traffic Analysis Attacks and Countermeasures. PhD Dissertation, Texas A & M University, 2005.
S. A. Hofmeyr, S. Forrest, and A. Somayaji, “Intrusion Detection Using Sequences of System Calls,” Journal of Computer Security, vol. 6, no. 3, pp. 151–180, 1998.
F. Cohen and D. Koike, “Misleading Attackers with Deception,” in Proceedings from the 5th annual IEEE SMC Information Assurance Workshop, pp. 30–37, IEEE, 2004.
T. E. Carroll and D. Grosu, “A Game Theoretic Investigation of Deception in Network Security,” Security and Communication Networks, vol. 4, no. 10, pp. 1162–1172, 2011.
R. Hesketh, Fortitude: The D-Day Deception Campaign. Woodstock, NY: Overlook Hardcover, 2000.
Acknowledgements
The material in the chapter is derived from [29]. Portions of this work were supported by National Science Foundation Grant EAGER-1548114, by Northrop Grumman Corporation (NGCRC), and by sponsors of the Center for Education and Research in Information Assurance and Security (CERIAS).
Copyright information
© 2016 Springer International Publishing Switzerland
About this chapter
Cite this chapter
Almeshekah, M.H., Spafford, E.H. (2016). Cyber Security Deception. In: Jajodia, S., Subrahmanian, V., Swarup, V., Wang, C. (eds) Cyber Deception. Springer, Cham. https://doi.org/10.1007/978-3-319-32699-3_2
DOI: https://doi.org/10.1007/978-3-319-32699-3_2
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-32697-9
Online ISBN: 978-3-319-32699-3
eBook Packages: Computer Science, Computer Science (R0)