Phase I report on intelligent software decoys: technical feasibility and institutional issues in the context of homeland security

Abstract

The purpose of this project is to explore the technical feasibility and institutional issues associated with applying software-based deception techniques as part of Homeland defense. At present, we refer to the embodiment of software-based deception as intelligent software decoys, although this name may change in the next phase of our research. The key idea that we are pursuing is that software-based deception can be used to harden software assets against attack. An important novel aspect of our research is that we introduce the concept of conducting counterintelligence and intelligently employing countermeasures in cyberspace via software-based deception. The owners of computing assets may have to deploy intelligent software decoys with such capabilities in order to counter attacks conducted by technology-savvy terrorists and criminals, in addition to information warriors from rogue or enemy nation-states

conventional countermeasures will likely be ineffective against the sophisticated arsenal of cyber weapons at the disposal of such attackers, and any countermeasure will be difficult to deploy without reliable counterintelligence, particularly if the users of countermeasures intend to avoid becoming cyber war criminals. In this report, we summarize our research and its relevance to Homeland security, and briefly discuss our plans for furthering our work under Phase II of the Naval Postgraduate School's Homeland Security Research and Technology Program. The initial results of our work indicate to us that software- based deception could play a pivotal role in protecting the U.S. critical information infrastructure and critical software applications that rely on that infrastructure.