
[Paper] Planning and Integrating Deception into Computer Security Defenses

Mohammed H. Almeshekah and Eugene H. Spafford
New Security Paradigms Workshop (NSPW’14), Victoria, BC, Canada, 15-18 September 2014
Paper (full text)

ABSTRACT: Deceptive techniques played a prominent role in many human conflicts throughout history. Digital conflicts are no different as the use of deception has found its way to computing since at least the 1980s. However, many computer defenses that use deception were ad-hoc attempts to incorporate deceptive elements. In this paper, we present a model that can be used to plan and integrate deception in computer security defenses. We present an overview of fundamental reasons why deception works and the essential principles involved in using such techniques. We investigate the unique advantages deception-based mechanisms bring to traditional computer security defenses. Furthermore, we show how our model can be used to incorporate deception in many parts of computer systems and discuss how we can use such techniques effectively. A successful deception should present plausible alternative(s) to the truth and these should be designed to exploit specific adversaries’ biases. We investigate these biases and discuss how they can be used by presenting a number of examples.

Presentation Slides During the Workshop:
