Cyber Deception and Cyberpsychology for Defense

Description

Creating a system that is always protected and secure in all situations against all attackers is a far-reaching and likely impossible goal. It is important for researchers to continue to move systems closer to guarantees of security, but it is also essential to create techniques to adaptively defend against an attacker who circumvents the current security or has insider knowledge of system properties or security practices. Deception for cyber defense works towards that goal—to rebalance the asymmetric nature of computer defense by increasing attacker workload and risk while decreasing that of the defender.

Cyber deception is one defensive technique that considers the human component of a cyber attack. Deception holds promise as a successful tactic for making an attacker’s job harder because it does more than just block access: it can also cause the attacker to waste both time and effort. Moreover, deception can be used by a defender to impart an incorrect belief in the attacker, the effects of which can go beyond any static defense. Understanding the human cognition and behavior of both the cyber defender and cyber attacker is a critical component of cybersecurity. Cyberpsychology research advances the science of human behavior and decision making in cyberspace to understand, anticipate, and influence attacker behavior. It also seeks to ensure scientific rigor and quantify the effectiveness of our defensive methods.

In the cyber world, an attacker only knows what is perceived through observation of the target network. The intruder is often thousands of miles away from the network to which he or she is attempting to gain entry. Unfortunately, modern networks and systems often unintentionally provide more information to an attacker than defenders would like. However, the network owner also has the opportunity to reveal information he or she desires the attacker to know—including deceptive information. Because network information is often complex and incomplete, it provides a natural environment in which to embed deception since, in chaos, there is opportunity. Deception can alter the mindset, confidence, and decision-making process of an attacker, which can have more significant effects than traditional defenses. Furthermore, using deception for defensive purposes gives the defender at least partial control of what an attacker knows, which can provide opportunities for strategic interaction with an attacker.

Authorized users of systems and networks, or masqueraders of these users, may act as attackers. These insiders can leak sensitive information deliberately or accidentally. Detecting and thwarting these attacks is more difficult than dealing with external attackers because the users are often authorized to access the information they leak, or the systems and networks the data is on. As a defensive technique, deception in this context must take into account the psychology of the attacker and the organizational, political, and societal environments in which the attack occurs.

These research efforts require an interdisciplinary approach and the mini-track is soliciting papers across multiple disciplines. It is essential to understand attacker and defender cognition and behavior to effectively and strategically induce cognitive biases and increase cognitive load, making our systems more difficult to attack.

Topics of interest include (but are not limited to):

• Science of Deception (e.g., evaluation techniques, deception frameworks applied to cyber);
• Practice of Cyber Deception (e.g., case studies, deception technology, deception detection);
• Understanding/influencing the cyber adversary (e.g., adversary emulation, measures of effectiveness);
• Psychological and social-cultural adversarial mental models that can be used to estimate and predict adversarial mental states and decision processes;
• Cognitive Modeling of cyber tasks;
• Adversary observation/learning schemes through both active multi-level “honey bait” systems and passive watching, in conjunction with active learning and reasoning to deal with partial information and uncertainties;
• Oppositional Human Factors to induce cognitive biases and increase cognitive load for cyber attackers;
• Metrics for quantifying deception effectiveness in driving adversary mental state and in determining optimized deception information composition and projection;
• Experimental Design, approaches, and results;
• Theoretical formulation for a one-shot or multiple rounds of attacker/defender interaction models;
• Identification of social/cultural factors in mental state estimation and decision manipulation process;
• Cyber maneuver and adaptive defenses;
• Cyber defense teaming;
• Protecting our autonomous systems from being deceived;
• Policy hurdles, solutions, and case studies in adoption of cyber deception technologies;
• Predicting, understanding and protecting against insider threats;
• Analyzing the effects of insider attacks;
• Human factors and the insider threat problem;
• Examining the causes of an insider threat from a behavioral science perspective; and
• Measuring the effectiveness of mitigation technologies and methodologies.

Justification

Before the Cyber Deception for Defense minitrack at HICSS-53, there was no existing academic conference with proceedings that specifically calls for papers on cyber deception. The proposed program chairs each had previously organized their own independent workshop on cyber deception and are well known in that community. A number of notable experts from academia, industry, government, and funding agencies regularly attend these events. The cyber deception community needs to join with a conference to have one repeating location where researchers can gather to share and discuss results. The outcome of the first mintrack was as expected, with a record-breaking number of submissions for an inaugural minitrack and receipt of the best paper award. HICSS continues to be a good candidate because its multi-disciplinary nature aligns with broad range of disciplines that perform research in cyber deception.

Marketing Plan

The co-chairs have a number of approaches to encourage participation in this proposed mini-track. This relies on our extensive, international-level networks to encourage Participation and submissions from our academic, government, and industry contacts. In addition to the participant list from our independent cyber deception workshop run in past years, we can further leverage our specific knowledge of researchers and sponsors of research specifically focused on cyber deception.

Supporting information:

1. Dr. Ferguson-Walter and Dr. Fugate are founding members of a new cybersecurity technical group at the Human Factors and Ergonomics Society (HFES) and can send email solicitations to the mailing list, as well as post fliers and spread the word at the annual conference.

2. Dr. Ferguson-Walter has hosted two Cyber Deception Workshops focused on government agencies, national labs and other partners working on cyber deception and has started a Community of Interest (COI) on cyber deception which can be used to advertise related conferences and call for papers.

3. Dr. Ferguson-Walter recently hosted an International Workshop on Autonomous Cyber Operations, and has had extensive experience gathering participation and talks for research events.

4. Dr. Fugate recently hosted Cyber Shorelines which focused on government and industry research and practitioners focused on cyber deception, counter-deception, and adversarial machine learning. He has an email list of researchers and technologist interested in future events on these topics.

5. Dr. Fugate has extensive connections within the Navy, including the Naval Academies.

6. Dr. Wang has hosted several Cyber Deception and other workshops focused on academic researchers and has extensive connections having co-authored many publications in this area.

7. Dr. Wang has extensive connections within the Army. Dr. Ferguson-Walter, Dr. Fugate, and he have been involved in several academic collaborations on topics directly related to Cyber Deception.

8. Prof. Bishop has worked within the insider threat and cybersecurity field in academia, and can send email soliciting contributions to several academic mailing lists.

9. Each co-chair will also use their extensive connections within the behavioral science community, both within the government and throughout academia, to ensure the minitrack is interdisciplinary

Minitrack Leaders

Dr. Kimberly Ferguson-Walter is a Senior Research Scientist with the National Security Agency’s Laboratory for Advanced Cybersecurity Research. She earned a BS in Information and Computer Science, cum laude from the University of California Irvine with a specialization in artificial intelligence and her MS and PhD in Computer Science from the University of Massachusetts Amherst. Her research interests are focused on the intersection of computer security, artificial intelligence, and human behavior. Her research background includes reinforcement learning, transfer learning, representation learning, and intelligent tutoring systems. She has been focused on adaptive cybersecurity at the NSA for the past ten years and is the lead for the Research Directorate’s deception for cyber-defense effort. She is currently on joint-duty assignment to the Naval Information Warfare Center Pacific to perform collaborative research and facilitate strategic alignment and technology transfers. She has organized multiple international workshops on cyber deception, autonomous cyber operations, and cognitive security. Dr. Ferguson-Walter is a founding member of the Cybersecurity Technical Group of the Human Factors and Ergonomics Society (HFES) and is a member of the Phi Beta Kappa Honor Society.

Dr. Cliff Wang graduated from North Carolina State University with a PhD in computer engineering in 1996. He has been carrying out research in the area of computer vision, medical imaging, high speed networks, and most recently information security. He has authored over 50 technical papers and 3 Internet standards RFCs. Dr. Wang also authored/edited for 18 books in the area of information security and hold 3 US patents on information security system development. Since 2003, Dr. Wang has been managing extramural research portfolio on information assurance at US Army Research Office. In 2007 he was selected as the director of the computing sciences division at ARO while in the same time managing his program in cyber security. For the past ten years, Dr. Wang managed over $250M research funding which led to significant technology breakthroughs. Dr. Wang also holds adjunct professor appointment at both Department of Computer Science and Department of Electrical and Computer Engineering at North Carolina State University. Dr. Wang is a Fellow of IEEE. Dr. Wang organizes the International Workshop on Cyber Deception and Defenses.

Dr. Sunny Fugate is civil servant for the Naval Information Warfare Center Pacific (formerly known as SPAWAR System Center Pacific) and the center’s Senior Scientific Technical Manager (SSTM) for Cyber Warfare. During the last 16 years Dr. Fugate has run numerous research programs to explore the intersections of cyber defense, cognitive science, game theory, and artificial intelligence. Dr. Fugate earned his BS in Electrical Engineering from the University of Nevada in 2002 and PhD in Computer Science at the University of New Mexico in 2012. Dr. Fugate has also worked in several embedded positions including: Joint Task Force for Global Network Operations; Defense Threat Reduction Agency; and Naval Information Operations Center Hawaii. Dr. Fugate’s current efforts are focused on both improving the human factors of cyber defense and in exploring opportunities to improve cyber defense using defensive deception and game theory. Dr. Fugate hosted the 2018 Cyber Shorelines workshop focused on the use of cyber deception to protect safety and privacy and how we might simultaneously protect autonomous systems from being deceived.