Deception Tree Model for Cyber Operation
Author: | Changwook-Park, Young-Gab Kim |
---|---|
Year of publication: | 2019 |
Subject: | Honeypot; Exploit; Computer science; media_common.quotation_subject; 05 social sciences; Perspective (graphical); ComputingMilieux_LEGALASPECTSOFCOMPUTING; 020207 software engineering; 02 engineering and technology; Deception; computer.software_genre; Computer security; 0202 electrical engineering electronic engineering information engineering; ComputingMilieux_COMPUTERSANDSOCIETY; Malware; 0501 psychology and cognitive sciences; Strategic advantage; Cyberspace; computer; 050107 human factors; Decision tree model; media_common |
Source: | 2019 International Conference on Platform Technology and Service (PlatCon). |
DOI: | 10.1109/platcon.2019.8669410 |
Description: | Modern cyber operations are evolving from direct attacks and defense to complex cyber operations that involve deception. As deception is included in cyber-attacks and defenses, deception elements should be identified to respond to cyber operations. If appropriate countermeasures can be taken for identified deception elements, a strategic advantage can be gained in cyberspace. Related cyber deception research includes developing response tools for attackers from a defensive standpoint and developing attack techniques that exploit human cognitive vulnerabilities. Other research has classified deception tools according to their purposes and has studied procedures for effectively carrying out deception. However, existing studies neither consider specific deception objectives nor classify deception in complex cyber operations. Classifying deception in cyber operations requires dividing cyberspace into physical, logical, and persona layers; the targets of cyber operations should be identified from machines to humans, and deception procedures should be identified from TTPs to objectives. In response, this paper proposes a "deception tree model" that can be categorized from a cyber-deceitful TTP perspective. The deception tree model can distinguish targets from humans and machines in terms of attack and defense and systematically establish the effects, tactics, techniques, and procedures of selected targets. Three cases were applied and analyzed to verify the performance of the deception tree model. The first case is the cyber incident that occurred at KHNP in 2014, in which a deceitful attack was conducted on humans; the second case is using Honeynet technology to deceive the attacker; and the third case is using Anti-Ransomware technology to deceive malware. |
Database: | OpenAIRE |