Planning Cost-Effective Deceptive Resource Denial in Defense to Cyber-Attacks
Loading...
Authors
Rowe, Neil C.
Subjects
Deception
cyberspace
decision theory
resources
denial
lies
cyberspace
decision theory
resources
denial
lies
Advisors
Date of Issue
2007-03
Date
March 2007
Publisher
Monterey, California. Naval Postgraduate School
Language
Abstract
Cyber-attacks against computer systems that provide valuable services can often be effectively defended by tactics of
deliberately deceptive resource denial. Delaying in response to suspicious requests is one example; it permits time to develop a
good defense, facilitates analysis of the attacks and formulation of a response, and may little affect legitimate users. But delays can
look suspicious; a better tactic can be for the operating system to falsely claim unavailability of some critical resources that the
attacker needs (files, directories, access rights, network connections, or software). This can be more effective than using “security
policy” as an excuse to deny those resources because it is unexpected and more flexible. We formulate a decision-theoretic
approach to the problem of deciding when to deceive by resource denial in a sequence of interactions with a user of an operating
system, and provide general formulae for decisions in planning deceptions. Our theory covers both reactive and proactive
deception, and both single-session and multi-session attacks. We also provide additional criteria to ensure logically consistent
tactics. We provide some evidence from a survey of users to support our modeling.
Type
Conference Paper
Description
This paper appeared in the 2nd International Conference in I-Warfare and Security, Monterey CA, USA, March 2007.
Series/Report No
Department
Cebrowski Institute, U.S. Naval Postgraduate School
Organization
Identifiers
NPS Report Number
Sponsors
supported by the U.S. National Science Foundation under the Cyber Trust Program
Funder
Format
Citation
Distribution Statement
Approved for public release; distribution is unlimited.