Planning Cost-Effective Deceptive Resource Denial in Defense to Cyber-Attacks

Loading...
Thumbnail Image
Authors
Rowe, Neil C.
Subjects
Deception
cyberspace
decision theory
resources
denial
lies
Advisors
Date of Issue
2007-03
Date
March 2007
Publisher
Monterey, California. Naval Postgraduate School
Language
Abstract
Cyber-attacks against computer systems that provide valuable services can often be effectively defended by tactics of deliberately deceptive resource denial. Delaying in response to suspicious requests is one example; it permits time to develop a good defense, facilitates analysis of the attacks and formulation of a response, and may little affect legitimate users. But delays can look suspicious; a better tactic can be for the operating system to falsely claim unavailability of some critical resources that the attacker needs (files, directories, access rights, network connections, or software). This can be more effective than using “security policy” as an excuse to deny those resources because it is unexpected and more flexible. We formulate a decision-theoretic approach to the problem of deciding when to deceive by resource denial in a sequence of interactions with a user of an operating system, and provide general formulae for decisions in planning deceptions. Our theory covers both reactive and proactive deception, and both single-session and multi-session attacks. We also provide additional criteria to ensure logically consistent tactics. We provide some evidence from a survey of users to support our modeling.
Type
Conference Paper
Description
This paper appeared in the 2nd International Conference in I-Warfare and Security, Monterey CA, USA, March 2007.
Series/Report No
Department
Cebrowski Institute, U.S. Naval Postgraduate School
Organization
Identifiers
NPS Report Number
Sponsors
supported by the U.S. National Science Foundation under the Cyber Trust Program
Funder
Format
Citation
Distribution Statement
Approved for public release; distribution is unlimited.
Rights
Collections