Low-cost active cyber defence

The authors of this paper investigated relatively simple active strategies against selected popular cyber threat vectors. When cyber attacks are analysed for their severity and occurrence, many incidents are usually classified as minor, e.g. span or phishing. We are interested in the various types of low-end cyber incidents (as opposed to high-end states-ponsored incidents and advanced persistent threats) for two reasons: (1) being the least complicated incidents, we expect to find simple active response strategies; (2) being the most common incidents, fighting them will most effectively make cyberspace more secure. We present a literature review encompassing results from academia and practitioners, and describe a previously unpublished hands-on effort to actively hinder phishing incidents. Before that, we take a look at several published definitions of active cyber defence, and identify some contradictions between them. So far we have identified active strategies for the following cyber threats: (1) Nigerian letters - keep up conversation by an artificial intelligence (Al) text analyser and generator; (2) spar - traffic generation for advertised domains; (3) phishing - upload of fake credentials and/or special monitored sandboxed accounts; (4) information collection botnets - fake data (credit card, credentials etc.) upload. The authors analysed the proposed strategies from the security economics point of view to determine why and how these strategies might be effective. We also discuss the legal aspects of the proposed strategies.