An Empirical Assessment of the Effectiveness of Deception for Cyber Defense

Thursday, 11/14/2019 12:30pm to 3:00pm
CS 203
Ph.D. Thesis Defense
Speaker: Kimberly Ferguson-Walter

Abstract: 

The threat of cyber attacks is a growing concern across the world, leading to an increasing need for sophisticated cyber defense techniques. We designed and conducted an empirical study to understand how defensive deception, both cyber and psychological, affects cyber attackers (Ferguson-Walter, Kimberly et al., 2019). More specifically, for our study, cyber deception refers to a decoy system and psychological deception refers to false information about the presence of defensive deception techniques on the network. Over 130 red teamers participated in a network penetration test over two days in which we controlled both the presence of and explicit mention of deceptive defensive techniques. To our knowledge, this represents the largest study of its kind ever conducted on a skilled red team population. In addition to the abundant host and network data collected, we conducted a battery of questionnaires (e.g., experience, personality) and cognitive tasks (e.g., fluid intelligence, working memory), as well as physiological measures (e.g., galvanic skin response (GSR), heart rate), to be correlated with the cyber events at a later date. The design and execution of this study and the lessons learned are a major contribution of this thesis. We investigate the effectiveness of decoy systems for cyber defense by comparing performance across all experimental conditions. Results support a new finding that the combination of the presence of deception and the true information that deception is present has the greatest effect on cyber attackers, when compared to a control condition in which no deception was used. We then detail and explain the evidence of cognitive biases in the red teamers' behavior, to further support our theory of oppositional human factors. We conclude by discussing how elements of our experimental design contribute to the validity of assessing the effectiveness of cyber deception and review trade-offs and lessons learned.

Advisor: Brian Levine