The Tularosa Study: An Experimental Design and Implementation to Quantify the Effectiveness of Cyber Deception

Ferguson-Walter, Kimberly; Shade, Temmie; Rogers, Andrew H.; Niedbala, Elizabeth M.; Trumbo, Michael C.; Nauer, Kevin; Divis, Kristin Marie; Jones, Aaron P.; Combs, Angela; Abbott, Robert G.

doi:10.24251/hicss.2019.874

Cited by 35 publications

(41 citation statements)

References 28 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…With enough time spent interacting with such a system, an attacker may eventually care less about correctly identifying machines. Results from a similar study employing deception, which the authors also have access to (Ferguson-Walter et al, 2019), an attacker noted: Such an effect greatly improves the chances that a defensive team will detect and mitigate an attack. Biases in attacker decision-making can lead to psychologically motivated improvements in defense.…”

Section: Biases Exhibited and Observedmentioning

confidence: 99%

“…No doubt all types of rigorous assessment of human performance in cyber operators remains important to conduct. We noted throughout that our assessment of biases here was exploratory; however, a new experiment (Ferguson-Walter et al, 2019) involving 138 professional red teamers will have biases assessed using an inter-rater system combining cyber and psychology SMEs.…”

Section: Disrupting Cyber Attacker Cognitionmentioning

confidence: 99%

See 1 more Smart Citation

Are Cyber Attackers Thinking Fast and Slow? Exploratory Analysis Reveals Evidence of Decision-Making Biases in Red Teamers

Gutzwiller

Ferguson-Walter²,

Fugate³

2019

Proceedings of the Human Factors and Ergonomics Society Annual

View full text Add to dashboard Cite

We report on whether cyber attacker behaviors contain decision making biases. Data from a prior experiment were analyzed in an exploratory fashion, making use of think-aloud responses from a small group of red teamers. The analysis provided new observational evidence of traditional decision-making biases in red team behaviors (confirmation bias, anchoring, and take-the-best heuristic use). These biases may disrupt red team decisions and goals, and simultaneously increase their risk of detection. Interestingly, at least part of the bias induction may be related to the use of cyber deception. Future directions include the development of behavioral measurement techniques for these and additional cognitive biases in cyber operators, examining the role of attacker traits, and identifying the conditions where biases can be induced successfully in experimental conditions.

show abstract

Section: Biases Exhibited and Observedmentioning

confidence: 99%

Section: Disrupting Cyber Attacker Cognitionmentioning

confidence: 99%

Are Cyber Attackers Thinking Fast and Slow? Exploratory Analysis Reveals Evidence of Decision-Making Biases in Red Teamers

Gutzwiller

Ferguson-Walter²,

Fugate³

2019

Proceedings of the Human Factors and Ergonomics Society Annual

View full text Add to dashboard Cite

show abstract

“…Creating decoy systems with large numbers of false assets as opposed to real ones can reduce the ability of an attacker to successfully target a real asset through reducing their chances, distracting them from real assets, and forcing them to switch attention and perform additional tasks which, in turn, slows them down [4] [28]. Further benefits of decoy systems can be the improved detection of attackers from their engagement with false assets and increasing their level of confusion about the network's credibility [4].…”

Section: Background and Related Workmentioning

confidence: 99%

“…Further benefits of decoy systems can be the improved detection of attackers from their engagement with false assets and increasing their level of confusion about the network's credibility [4]. Decoy networks have been extensively tested through red-teaming experiments, including detailed exploration of red teamers' behaviour, personality and cognition, and physiological responses to cyber deception [28]. Use of host-based deception and deceptive messages has been shown in experiments to disrupt attacker decision-making, increase the time to conduct the deception and increase confusion within the attacker or attacking team [15].…”

Section: Background and Related Workmentioning

confidence: 99%

“…In taking this approach we build on the work of Reid and Black [30] and their qualitative, inductive study. This research includes a discussion about the connection between technology, and the real-world context (referencing the work on warrants and digital footprints by [31], [32]) and highlights the need for dynamic cyber deception systems and methods [17], [22] and for deception tools that are both 'generic and expressive' [28].…”

Section: Background and Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Design Thinking for Cyber Deception

Ashenden¹,

Black²,

Reid³

et al. 2021

Proceedings of the Annual Hawaii International Conference on System Sciences

View full text Add to dashboard Cite

Cyber deception tools are increasingly sophisticated but rely on a limited set of deception techniques. In current deployments of cyber deception, the network infrastructure between the defender and attacker comprises the defence/attack surface. For cyber deception tools and techniques to evolve further they must address the wider attack surface; from the network through to the physical and cognitive space. One way of achieving this is by fusing deception techniques from the physical and cognitive space with the technology development process. In this paper we trial design thinking as a way of delivering this fused approach. We detail the results from a design thinking workshop conducted using deception experts from different fields. The workshop outputs include a critical analysis of design provocations for cyber deception and a journey map detailing considerations for operationalising cyber deception scenarios that fuse deception techniques from other contexts. We conclude with recommendations for future research.

show abstract