DeepAI AI Chat
Log In Sign Up

Three Decades of Deception Techniques in Active Cyber Defense – Retrospect and Outlook

by   Li Zhang, et al.

Deception techniques have been widely seen as a game changer in cyber defense. In this paper, we review representative techniques in honeypots, honeytokens, and moving target defense, spanning from the late 1980s to the year 2021. Techniques from these three domains complement with each other and may be leveraged to build a holistic deception based defense. However, to the best of our knowledge, there has not been a work that provides a systematic retrospect of these three domains all together and investigates their integrated usage for orchestrated deceptions. Our paper aims to fill this gap. By utilizing a tailored cyber kill chain model which can reflect the current threat landscape and a four-layer deception stack, a two-dimensional taxonomy is developed, based on which the deception techniques are classified. The taxonomy literally answers which phases of a cyber attack campaign the techniques can disrupt and which layers of the deception stack they belong to. Cyber defenders may use the taxonomy as a reference to design an organized and comprehensive deception plan, or to prioritize deception efforts for a budget conscious solution. We also discuss two important points for achieving active and resilient cyber defense, namely deception in depth and deception lifecycle, where several notable proposals are illustrated. Finally, some outlooks on future research directions are presented, including dynamic integration of different deception techniques, quantified deception effects and deception operation cost, hardware-supported deception techniques, as well as techniques developed based on better understanding of the human element.


Cyber Deception for Computer and Network Security: Survey and Challenges

Cyber deception has recently received increasing attentions as a promisi...

Cybonto: Towards Human Cognitive Digital Twins for Cybersecurity

Cyber defense is reactive and slow. On average, the time-to-remedy is hu...

DOLOS: A Novel Architecture for Moving Target Defense

Moving Target Defense and Cyber Deception emerged in recent years as two...

A Game-Theoretic Taxonomy and Survey of Defensive Deception for Cybersecurity and Privacy

Cyber attacks on both databases and critical infrastructure have threate...

Probably Something: A Multi-Layer Taxonomy of Non-Fungible Tokens

Purpose: This paper aims to establish a fundamental and comprehensive un...

Game Theory for Cyber Deception: A Tutorial

Deceptive and anti-deceptive technologies have been developed for variou...

Strategic Learning for Active, Adaptive, and Autonomous Cyber Defense

The increasing instances of advanced attacks call for a new defense para...