Abstract
Cyber-attacks are increasing in the real-world and cause widespread damage to cyber-infrastructure and loss of information. Deception, i.e., actions to promote the beliefs of things that are not true, could be a way of countering cyber-attacks. In this paper, we propose a deception game, which we use to evaluate the decision making of a hacker in the presence of deception. In an experiment, using the deception game, we analyzed the effect of two between-subjects factors in Hacker’s decisions to attack a computer network (N = 100 participants): amount of deception used and the timing of deception. The amount of deception used was manipulated at 2-levels: low and high. The timing of deception use was manipulated at 2-levels: early and late. Results revealed that using late and high deception condition, proportion of not attack actions by hackers are higher. Our results suggest that deception acts as a deterrence strategy for hacker.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsReferences
Trustwave Global Security. Report retrieved from: https://www2.trustwave.com/rs/815-RFM-693/images/2015_TrustwaveGlobalSecurityReport.pdf
Symantec Corporation. Internet security threat report Retrieved from http://www.symantec.com/content/en/us/enterprise/other_resources/bistr_main_report_v19_21291018.en-us.pdf (2014)
Whaley, B.: Toward a general theory of deception. J. Strateg. Stud. Frank Cass Lond. 5(1), 178–192 (1982)
Glantz, D.: Military Deception in the Second World War. Cass Series on Soviet Military Theory & Practice. Routledge, London. ISBN 978-0-714-63347-3 (1989)
Denning, D.: Information warfare and security. AddisonWesley, New York (1999)
Mitnick, K.D., Simon, W.L.: The art of deception: controlling the human element of security. Wiley, New York City (2011)
Rowe, N.C., Custy, E.J.: Deception in cyber attacks. In Janczewski L.J., Colarik A.M. (Eds.), Cyber Warfare and Cyber Terrorism, Hershey, PA, Inf. Sci. Ref. pp. 91–93 (2008)
Dutt, V., Ahn, Y.S., Gonzalez, C.: Cyber situation awareness modeling detection of cyber-attacks with instance-based learning theory. Hum. Factors J. Hum. Factors Ergon. Soc. 55(3), 605–618 (2013)
Arora, A., Dutt, V.: Cyber security: evaluating the effects of attack strategy and base rate through instance based learning. In: 12th International Conference on Cognitive Modeling. Ottawa, Canada (2013)
Kaur, A., Dutt, V.: Cyber situation awareness: modeling the effects of similarity and scenarios on cyber attack detection. Paper presented at the 12th International Conference on Cognitive Modeling. Ottawa, Canada (2013)
Gonzalez, C., Dutt, V.: Instance-based learning: integrating sampling and repeated decisions from experience. Psychol. Rev. 118(4), 523 (2011)
Roy, S., Ellis, C., Shiva, S., Dasgupta, D., Shandilya, V., Wu, Q.: A survey of game theory as applied to network security. In: 2010 43rd Hawaii International Conference on System Sciences (HICSS), (pp. 1-10). IEEE (2010)
Camerer, C.: Behavioral game theory: experiments in strategic interaction. Princeton University Press, Princeton (2003)
Alpcan, T., Başar, T.: Network security: a decision and game-theoretic approach. Cambridge University Press, Cambridge (2010)
Crouse, M.: Performance Analysis of Cyber Deception Using Probabilistic Models (2012)
Garg, N., Daniel, G.: Deception in honeynets: a game-theoretic analysis. Information Assurance and Security Workshop. IAW’07. IEEE SMC. IEEE, 2007
Dutt, V., Gonzalez, C.: Making instance-based learning theory usable and understandable: the instance-based learning tool. Comput. Hum. Behav. 28(4), 1227–1240 (2012). doi:10.1016/j.chb.2012.02.006
Gonzalez, C., Lerch, J.F., Lebiere, C.: Instance-based learning in dynamic decision making. Cogn. Sci. 27(4), 591–635 (2003). doi:10.1016/S0364-0213(03)00031-4
Kahneman, D., Tversky, A.: Prospect theory: an analysis of decision under risk. Econometrica 263–291, (1979)
Tversky, A., Kahneman, D.: Advances in prospect theory: cumulative representation of uncertainty. J Risk Uncertainty 5(4), 297–323 (1992)
Nevo, I., Ido, E.: On surprise, change, and the effect of recent outcomes. Frontiers in psychology 3 (2012)
George, L.: Cyber-physical attacks. Retrieved from http://www.professionalsecurity.co.uk/reviews/cyber-physical-attacks (2015)
Dutt, V., Ahn, Y.S., Gonzalez, C.: Cyber situation awareness modeling detection of cyber-attacks with instance-based learning theory. Hum. Factors J. Hum. Factors Ergon. Soc. 55(3), 605–618 (2013)
Acknowledgments
We are very grateful to Indian Institute of Technology, Mandi and Department of Electronics and Information Technology, Ministry of Communication & IT, Government of India as a part of Visvesverya Ph.D. scheme for Electronics and IT for their support.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2016 Springer International Publishing Switzerland
About this paper
Cite this paper
Aggarwal, P., Gonzalez, C., Dutt, V. (2016). Cyber-Security: Role of Deception in Cyber-Attack Detection. In: Nicholson, D. (eds) Advances in Human Factors in Cybersecurity. Advances in Intelligent Systems and Computing, vol 501. Springer, Cham. https://doi.org/10.1007/978-3-319-41932-9_8
Download citation
DOI: https://doi.org/10.1007/978-3-319-41932-9_8
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-41931-2
Online ISBN: 978-3-319-41932-9
eBook Packages: EngineeringEngineering (R0)