Title :
A model of deception during cyber-attacks on information systems
Author_Institution :
Dept. of Comput. Sci., U.S. Naval Postgraduate Sch., Monterey, CA, USA
Abstract :
Deception is a classic technique useful for military operations. With information systems around the world under frequent attack every day, it is appropriate to consider analogies from conventional warfare, and deception has historically been powerful as both a tactic and a strategy. We here systematically enumerate and rank the available deception options for information systems, both offensively and defensively. We then consider how defensive deceptions can be packaged within "generic excuses" that are more convincing to an attacker than isolated refusals to obey commands. We describe how the selection of the best generic excuses and excuse application times can be formulated with probabilities as an optimization problem and solved. Our theory lends itself well to computer implementation and we provide several examples.
Keywords :
authorisation; data privacy; information systems; multi-agent systems; Bayesian inference; conventional warfare; cyber attacks; deception model; deception options; generic excuses; human communications; information security; information system; military operations; multiagent system; privacy protection; Application software; Communication system security; Computer crime; Computer science; Costs; Information security; Information systems; Military computing; Operating systems; Packaging;
Conference_Title :
Multi-Agent Security and Survivability, 2004 IEEE First Symposium on
Print_ISBN :
0-7803-8799-6
DOI :
10.1109/MASSUR.2004.1368414