Publication:
EXPLORATORY DATA ANALYSIS OF DEFENSIVE CYBER DECEPTION EXPERIMENTATION

Authors
Senft, Michael
Subjects
cyber deception
deception
Tularosa study
decoy
network graph
network traffic
cyber
cybersecurity
quantum
quantum probability theory
exploratory data analysis
factor analysis
Advisors
Michael, James B.
Buettner, Raymond R., Jr.
McGuire, Mollie R.
Canan, Anthony M.
Schuchard, Ross J.
Ferguson-Walter, Kimberly, Laboratory for Advanced Cybersecurity Research
Date of Issue
2023-06
Publisher
Monterey, CA; Naval Postgraduate School
Abstract
The use of cyber deception is a powerful but underutilized practice for spoiling cyber-attacker activity from initial reconnaissance to actions on an objective. This dissertation applies exploratory data analysis techniques to network traffic data collected during the Tularosa study, the largest experiment of defensive cyber deception involving human subjects to date. Using a network-graph–based information technology artifact developed for this research, temporal variables of latency, frequency, and duration for system interactions were extracted from over 200 gigabytes of network traffic collected during the Tularosa study. Analysis of the data bolsters previous assertions that decoy-based deception is significantly more effective against cyber-attackers when the presence of deception is known and suggests this impact is enduring. Distinct temporal patterns for aggregated network traffic for each experimental group were also identified. This research also provides the first application of factor analysis to data collected during the Tularosa study, which highlighted the key role of technical experience in explaining observed variance. Finally, quantum probability theory is explored as a potential model to explain variations in latency observed between the control and experimental groups, which may be the result of interference effect and/or order effect phenomena. Cyber-defenders can apply findings from this research to impede cyber-attacker activity.
Type
Thesis
Description
Includes Supplementary Material
Department
Information Sciences (IS)
Distribution Statement
Approved for public release. Distribution is unlimited.
Rights
This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.