Design Thinking for Cyber Deception

Ashenden, Debi; Black, Robert J.; Reid, Iain; Henderson, Simon

doi:10.24251/hicss.2021.240

Cited by 5 publications

(6 citation statements)

References 35 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…It seems likely that awareness of the possibility that any interaction with a system or artefact could reveal them causes greater caution and evaluation of the risk of each interaction. The behaviour and psychology of the adversary in the presence of cyber deception is increasingly a subject of study [85]- [87]. Even at this early stage, however, it is fair to say that, from the defender's perspective, anything that makes intrusion and theft more costly for the perpetrator should be encouraged.…”

Section: Discussion and Concluding Remarksmentioning

confidence: 99%

Deception for Cyber Defence: Challenges and Opportunities

Liebowitz

Nepal

Moore

et al. 2021

2021 Third IEEE International Conference on Trust, Privacy and Security in Intelligent Systems and Applications (TPS-ISA)

View full text Add to dashboard Cite

Deception is rapidly growing as an important tool for cyber defence, complementing existing perimeter security measures to rapidly detect breaches and data theft. One of the factors limiting the use of deception has been the cost of generating realistic artefacts by hand. Recent advances in Machine Learning have, however, created opportunities for scalable, automated generation of realistic deceptions. This vision paper describes the opportunities and challenges involved in developing models to mimic many common elements of the IT stack for deception effects.

show abstract

Section: Discussion and Concluding Remarksmentioning

confidence: 99%

Deception for Cyber Defence: Challenges and Opportunities

Liebowitz

Nepal

Moore

et al. 2021

2021 Third IEEE International Conference on Trust, Privacy and Security in Intelligent Systems and Applications (TPS-ISA)

View full text Add to dashboard Cite

show abstract

“…A honeypot serves to lead malicious actors to a deceptive cyber treasure; it is defined as a security mechanism designed to detect, deflect, or, in some manner, counteract attempts at unauthorized use of information systems [7]. It can come in the form of a fake file, account, or even network, which seamlessly imitates an asset valuable or vulnerable to potential hackers while reporting their activity in the process [14]. The first honeypot, The Cuckoo's Egg, details the work of a lab researcher, Stoll, who used fake strategic defense initiatives to entice a German hacker into exposing information about himself [15].…”

Section: The Honeypotmentioning

confidence: 99%

“…This approach allows for scalable and sophisticated honeypot networks by leveraging network data to mimic real-world network behaviors [19]. Because of the ease in implementing these algorithms, multiple honeypots can be on one system in what is called a honey network [14].…”

Section: The Honeypotmentioning

confidence: 99%

The relevance, effectiveness, and future prospects of cyber deception implementation within organizations

Eng,

King,

Schillaci

et al. 2024

Assurance and Security for AI-enabled Systems

View full text Add to dashboard Cite

Artificial Intelligence (AI) and Machine Learning (ML) based systems have seen tremendous progress in the past years. This unprecedent growth has also opened new challenges and vulnerabilities for keeping AI/ML based systems safe and secure. With a multitude of studies investigating adversarial machine learning (AML) and cyber security for AI/ML systems, there is a need for novel techniques and methodologies for securing these systems. Cyber security is often used as a blanket term meaning all defenses used in the context of cyber. This leaves out methodologies and techniques, being used more offensively, such as cyber deception. This study provides a comprehensive overview of cyber-deception for securing AI/ML systems including its relevance, effectiveness, and its potential for AI/ML assurance. The study provides an overview of behavioral sciences for cyber-deception, the benefits of using cyber deception, and the ethical concerns associated with cyber deception. Additionally, we present a use-case for the utilization of cyber deception with zero-trust architecture (ZTA) for assurance and security for AI/ML based systems.

show abstract

“…Alternatively, the low false positive rate promised by cyber deception vendors may dramatically improve the ability of SOC analysts to make decisions with confidence. Ashenden et al (2021) point out that to date most cyber deception research tends to build from a computer science perspective where the scope is often truncated to misdirecting an attacker on a network rather than impacting decision making and behaviour ( Cranford et al, 2020 ; Shi et al, 2020 ; Sajid et al, 2021 ). The only other significant research that has linked cyber deception and decision making is the Tularosa study by Ferguson-Walter et al (2018) .…”

Section: Literature Reviewmentioning

confidence: 99%

“…This study leveraged deception techniques to examine both the attacker and defender’s (e.g., SOC analysts’) cognitive processes. Ashenden et al (2021) build on this research and explicitly use a definition of deception that links deception, decision making and behaviour [ Ashenden et al (2021) ] using this as a foundation from which to explore the potential of cyber deception using design thinking as a method.…”

Section: Literature Reviewmentioning

confidence: 99%

Understanding decision making in security operations centres: building the case for cyber deception technology

Reeves

Ashenden

2023

Front. Psychol.

Self Cite

View full text Add to dashboard Cite

IntroductionA Security Operations Centre (SOC) is a command centre where analysts monitor network activity, analyse alerts, investigate potential threats, and respond to incidents. By analysing data activities around the clock, SOC teams are crucial in ensuring the prompt detection and response to security incidents. SOC analysts work under considerable pressure to triage and respond to alerts in very short time frames. Cyber deception technology offers the promise of buying SOC analysts more time to respond by wasting the resources and time of attackers, yet such technology remains underutilised.MethodWe carried out a series of interviews with experts to uncover the barriers which prevent the effective implementation of cyber deception in SOCs.ResultsBy using thematic analysis on the data, it was clear that while cyber deception technology is promising it is hindered by a lack of use cases, limited empirical research that demonstrates the efficacy of the technology, hesitancy to embrace a more active form of cyber defence, issues surrounding the over promising of results by off-the-shelf vendors, and an aversion to interrupting the decision-making processes of SOC analysts.DiscussionTaking this last point about the decision-making processes of SOC analysts we make the case that naturalistic decision making (NDM) would help us better understand how SOC analysts make decisions and how cyber deception technology could be used to best effect.

show abstract

Design Thinking for Cyber Deception

Cited by 5 publications

References 35 publications

Deception for Cyber Defence: Challenges and Opportunities

Deception for Cyber Defence: Challenges and Opportunities

The relevance, effectiveness, and future prospects of cyber deception implementation within organizations

Understanding decision making in security operations centres: building the case for cyber deception technology

Contact Info

Product

Resources

About