Presentation: The Role of Deception in Attack Decisions Using Cybersecurity Scenarios

10:45am - 11:30am
Ballroom 3

Current Technology and Challenges

Deception, the art of making someone believe in something that is not true, may provide a promising real-time solution against cyber attacks. Honeypots are one of the effective deception tools in the network defense to lure hackers. They are servers that mimic a real server with high value, but they are actually fake. This research aims to understand the motives and processes involved in making attack and defend decisions in cybersecurity scenarios involving deception. We use laboratory experiments and build computational cognitive models that represent the process by which attack and defend decisions are made in simplified, simulated scenarios. We will report on the results of a laboratory experiment using a game designed to investigate the role of deception (i.e., amount and timing) on a hacker’s decisions. Results revealed the average proportion of attacks was lower and non-attacks were higher when deception occurred late in the game and when the amount of deception was higher. This result found in an abstract simplified scenario was replicated in a real-world simulation tool called the HackIT. HackIT is a cybersecurity tool that allows us to create various cyber situations and map to real-world cyber attack scenarios by involving two phases: probe and attack. The probe phase involves scanning webservers in the network for vulnerabilities while the attack phase involves gaining access to different computers and stealing information or compromising computer systems. By using the HackIT tool, one can create networks of different sizes, use deception and configure different webservers as honeypots, and create any number of fictitious ports, services, fake operating systems and fake files on honeypots. The HackIT tool can run various network commands that include nmap, use_exploit, ls and scp. Learning about the decisions of hackers and analysts in the HackIT tool can help cybersecurity teams train analysts against hackers and their different attack strategies in simulated real-world settings. The development of the HackIT game was a step toward analyzing human decisions in cybersecurity environments.

This session counts for one CPEC.

Palvi Aggarwal
Post Doctoral Fellow, Carnegie Mellon University
Coty Gonzalez
Research Professor, Carnegie Mellon University