Designing Good Deceptions in Defense of Information Systems

Rowe, Neil C.

dc.contributor.author	Rowe, Neil C.
dc.date	December 2004
dc.date.accessioned	2013-09-18T16:39:31Z
dc.date.available	2013-09-18T16:39:31Z
dc.date.issued	2004-12
dc.identifier.citation	2004 Computer Security Applications Conference, Tucson, AZ, December.
dc.identifier.uri	https://hdl.handle.net/10945/36429
dc.description	This paper appeared in the 2004 Computer Security Applications Conference, Tucson, AZ, December.	en_US
dc.description.abstract	Since attackers trust computer systems to tell them the truth, it may be effective for those systems to lie or mislead. This could waste the attacker's resources while permitting time to organize a better defense, and would provide a second line of defense when access controls have been breached. We propose here a probabilistic model of attacker beliefs in each of a set of "generic excuses" (including deception) for their inability to accomplish their goals. We show how the model can be updated by evidence presented to the attacker and feedback from the attacker's own behavior. We show some preliminary results with human subjects supporting our theory. We show how this analysis permits choosing appropriate times and methods to deceive the attacker.	en_US
dc.description.sponsorship	supported by the U.S. National Science Foundation under the Cyber Trust program	en_US
dc.publisher	Monterey, California. Naval Postgraduate School	en_US
dc.title	Designing Good Deceptions in Defense of Information Systems	en_US
dc.type	Conference Paper	en_US
dc.contributor.corporate	Cebrowski Institute
dc.description.distributionstatement	Approved for public release; distribution is unlimited.