USENIX Security '21 - Examining the Efficacy of Decoy-based and Psychological Cyber Deception
Kimberly J. Ferguson-Walter, Laboratory for Advanced Cybersecurity Research; Maxine M. Major, Naval Information Warfare Center, Pacific; Chelsea K. Johnson, Arizona State University; Daniel H. Muhleman, Naval Information Warfare Center, Pacific
The threat of cyber attacks is a growing concern across the world, leading to an increasing need for sophisticated cyber defense techniques. Attackers often rely on direct observation of cyber environments. This reliance provides opportunities for defenders to affect attacker perception and behavior by plying the powerful tools of defensive cyber deception. In this paper we analyze data from a controlled experiment designed to understand how defensive deception, both cyber and psychological, affects attackers . Over 130 professional red teamers participated in a network penetration test in which both the presence and explicit mention of deceptive defensive techniques were controlled. While a detailed description of the experimental design and execution along with preliminary results related to red teamer characteristics has been published, it did not address any of the main hypotheses. Granted access to the cyber and self-report data collected from the experiment, this publication begins to address theses hypotheses by investigating the effectiveness of decoy systems for cyber defense through comparison of various measures of participant forward progress across the four experimental conditions. Results presented in this paper support a new finding that the combination of the presence of decoys and providing information that deception is present has the greatest impact on cyber attack behavior, when compared to a control condition in which no deception was used.
View the full USENIX Security '21 Program at https://www.usenix.org/conference/usenixsecurity21/technical-sessions