A Probabilistic Study On The Relationship Of Deceptions And Attacker Skills

Keywords

CND; Deception; Honeypot; Probability model

Abstract

Honeypots are fundamentally a means to detect adversary probing and to observe their tactics, techniques, and procedures. Each attacker is different, and ultimately the threat they create can drastically change the effectiveness of a deception solution. Several deception models have been proposed that illustrate the cyber defensive deception process. In this paper we leverage an abstract representation of three deception models in which we further characterize the relationship between the attacker and deployed deception to help in better developing reliable capabilities. We developed an attacker taxonomy to further understand the threat and how infers dictates their overall skill level. We then define conditions or rules of engagement on the successfulness of varying attackers. We leveraged probability models based on these conditions to compute the overall success or failure from an empirical and theoretical perspective. A simulation was developed and conducted to mimic a deception deployment, giving probabilistic insight into how successful deceptions are against attackers of different skill levels. The results demonstrate an association where the average skill level changes the overall effectiveness and success of a deception in unique ways. It is our intention that the results can be leveraged by cyber defenders to understand and gauge how simple or intricate a deception should be based on the anticipated threat.

Publication Date

3-29-2018

Publication Title

Proceedings - 2017 IEEE 15th International Conference on Dependable, Autonomic and Secure Computing, 2017 IEEE 15th International Conference on Pervasive Intelligence and Computing, 2017 IEEE 3rd International Conference on Big Data Intelligence and Computing and 2017 IEEE Cyber Science and Technology Congress, DASC-PICom-DataCom-CyberSciTec 2017

Volume

2018-January

Number of Pages

693-698

Document Type

Article; Proceedings Paper

Personal Identifier

scopus

DOI Link

https://doi.org/10.1109/DASC-PICom-DataCom-CyberSciTec.2017.121

Scopus ID

85048095916 (Scopus)

Source API URL

https://api.elsevier.com/content/abstract/scopus_id/85048095916

This document is currently not available here.
