DocumentCode
2117956
Title
A model of deception during cyber-attacks on information systems
Author
Rowe, Neil C.
Author_Institution
Dept. of Comput. Sci., U.S. Naval Postgraduate Sch., Monterey, CA, USA
fYear
2004
fDate
30-31 Aug. 2004
Firstpage
21
Lastpage
30
Abstract
Deception is a classic technique useful for military operations. With information systems around the world under frequent attack every day, it is appropriate to consider analogies from conventional warfare, and deception has historically been powerful as both a tactic and a strategy. We here systematically enumerate and rank the available deception options for information systems, both offensively and defensively. We then consider how defensive deceptions can be packaged within "generic excuses" that are more convincing to an attacker than isolated refusals to obey commands. We describe how the selection of the best generic excuses and excuse application times can be formulated with probabilities as an optimization problem and solved. Our theory lends itself well to computer implementation and we provide several examples.
Keywords
authorisation; data privacy; information systems; multi-agent systems; Bayesian inference; conventional warfare; cyber attacks; deception model; deception options; generic excuses; human communications; information security; information system; military operations; multiagent system; privacy protection; Application software; Communication system security; Computer crime; Computer science; Costs; Information security; Information systems; Military computing; Operating systems; Packaging;
fLanguage
English
Publisher
ieee
Conference_Titel
Multi-Agent Security and Survivability, 2004 IEEE First Symposium on
Print_ISBN
0-7803-8799-6
Type
conf
DOI
10.1109/MASSUR.2004.1368414
Filename
1368414