Deception Techniques in Computer Security

Han, Xiao; Kheir, Nizar; Balzarotti, Davide

doi:10.1145/3214305

Cited by 79 publications

(55 citation statements)

References 64 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Under dissimulation the authors identify masking (hiding the real by making it invisible), repackaging (hiding the real by disguising) and dazzling (hiding the real by confusion), and under simulation it is included mimicking (showing the false through imitation), inventing (showing the false by displaying a different reality) and decoying (showing the false by diverting attention) [78]. Although deception is considered a usual tactic in CND operations [79][80][81], their study from an offensive point of view is not as usual, so we consider it as a key research line.…”

Section: Discussionmentioning

confidence: 99%

CNA Tactics and Techniques: A Structure Proposal

Villalón-Huerta

Ripoll

Marco-Gisbert

2021

JSAN

View full text Add to dashboard Cite

Destructive and control operations are today a major threat for cyber physical systems. These operations, known as Computer Network Attack (CNA), and usually linked to state-sponsored actors, are much less analyzed than Computer Network Exploitation activities (CNE), those related to intelligence gathering. While in CNE operations the main tactics and techniques are defined and well structured, in CNA there is a lack of such consensuated approaches. This situation hinders the modeling of threat actors, which prevents an accurate definition of control to identify and to neutralize malicious activities. In this paper, we propose the first global approach for CNA operations that can be used to map real-world activities. The proposal significantly reduces the amount of effort need to identify, analyze, and neutralize advanced threat actors targeting cyber physical systems. It follows a logical structure that can be easy to expand and adapt.

show abstract

Section: Discussionmentioning

confidence: 99%

CNA Tactics and Techniques: A Structure Proposal

Villalón-Huerta

Ripoll

Marco-Gisbert

2021

JSAN

View full text Add to dashboard Cite

show abstract

“…Existing studies classify cyber deception defense techniques following their deployment in computer network systems [25] or interaction level with attackers [18]. For instance, Honeypot could be deployed in DMZ, Honeytoken in the runtime environment, and Honeyfile in application layer.…”

Section: Cyber Deception Defensementioning

confidence: 99%

“…According to Han et al [25], a successful Honeyfile deployment includes enticing text content to sustain deception and a monitor system to observe and detect malicious behaviors. As EDGE addresses the first issue, a further study to improve monitor system and deployment is worthy of the future investigation.…”

Section: Future Work and Conclusion 61 Future Workmentioning

confidence: 99%

EDGE: An Enticing Deceptive-content GEnerator as Defensive Deception

2021

KSII TIIS

View full text Add to dashboard Cite

Cyber deception defense mitigates Advanced Persistent Threats (APTs) with deploying deceptive entities, such as the Honeyfile. The Honeyfile distracts attackers from valuable digital documents and attracts unauthorized access by deliberately exposing fake content. The effectiveness of distraction and trap lies in the enticement of fake content. However, existing studies on the Honeyfile focus less on this perspective. In this work, we seek to improve the enticement of fake text content through enhancing its readability, indistinguishability, and believability. Hence, an enticing deceptive-content generator, EDGE, is presented. The EDGE is constructed with three steps: extracting key concepts with a semantics-aware K-means clustering algorithm, searching for candidate deceptive concepts within the Word2Vec model, and generating deceptive text content under the Integrated Readability Index (IR). Furthermore, the readability and believability performance analyses are undertaken. The experimental results show that EDGE generates indistinguishable deceptive text content without decreasing readability. In all, EDGE proves effective to generate enticing deceptive text content as deception defense against APTs.

show abstract

“…This challenge is due to the current approach used in generating deceptive content. Current decoy generation methods employ random unrealistic bogus data, words that are frequently searched on the internet, random word extracted from web data, corpus-based generation, manually created templates for database fields and file attributes [51]- [54]. These approaches fail to convince malicious persons as they fail to generate words and sentences expected to reside within a document, they reveal the underlying file names and metadata, they leak information about the underlying message, thus leading the attacker to reconstruct and extract the underlying message from the decoy document.…”

Section: B Deception-based Approachesmentioning

confidence: 99%

“…Several studies have indicated that creating realistic, enticing, adaptive, with no distinguishable features (from the plaintext contents) is the essential pre-requisite for convincing an adversary to accept a decoy message as the underlying plaintext message during an attack. These features are possible with natural language and artificial intelligence as an adversary can only be convinced when the decoy message reflects the way human uses natural language [51]- [54].…”

Section: B Deception-based Approachesmentioning

confidence: 99%

A Deception Model Robust to Eavesdropping Over Communication for Social Network Systems

et al. 2019

View full text Add to dashboard Cite

Communication security deals with attributes such as confidentiality, integrity, and availability. The current strategies used to achieve covertness of communication employs encryption. Encryption techniques minimize eavesdropping on the conversation between the conversing parties by transforming the message into an unreadable form. However, it does not prevent or discourage eavesdroppers from stealing and attempting to decrypt the encrypted messages using a brute-force attack or by randomly guessing the key. The probability of the eavesdropper acquiring the key and recovering the message is high as he/she can distinguish a correct key from incorrect keys based on the output of the decryption. This is because a message has some structure-texts, pictures, and videos. Thus, an attempt at decrypting with a wrong key yields random gibberish that does not comply with the expected structure. Furthermore, the consistent increase in computational power implies that stolen encrypted data may gradually debilitate to a brute-force attack. Thus, causing the eavesdropper to learn the content of the message. To this end, the objective of this research is to reinforce the current encryption measures with a decoy-based deception model where the eavesdropper is discouraged from stealing encrypted message by confounding his resources and time. Our proposed model leverages its foundation from decoys, deception, and artificial intelligence. An instant messaging application was developed and integrated with the proposed model as a proof of concept. Further details regarding the design, analysis, and implementation of the proposed model are substantiated. The result shows that the proposed model reinforces state-of-the-art encryption schemes and will serve as an effective component for discouraging eavesdropping and curtailing brute-force attack on encrypted messages.

show abstract

Deception Techniques in Computer Security

Cited by 79 publications

References 64 publications

CNA Tactics and Techniques: A Structure Proposal

CNA Tactics and Techniques: A Structure Proposal

EDGE: An Enticing Deceptive-content GEnerator as Defensive Deception

A Deception Model Robust to Eavesdropping Over Communication for Social Network Systems

Contact Info

Product

Resources

About