Malicious User Experience Design Research for Cybersecurity

This paper explores the factors and theory behind the user-centered research that is necessary to create a successful game-like prototype, and user experience, for malicious users in a cybersecurity context. We explore what is known about successful addictive design in the fields of video games and gambling to understand the allure of breaking into a system, and the joy of thwarting the security to reach a goal or a reward of data. Based on the malicious user research, game user research, and using the GameFlow framework, we propose a novel malicious user experience design approac

Concealing Cyber-Decoys using Two-Sided Feature Deception Games

An increasingly important tool for securing computer networks is the use of deceptive decoy objects (e.g., fake hosts, accounts, or files) to detect, confuse, and distract attackers. One of the well-known challenges in using decoys is that it can be difficult to design effective decoys that are hard to distinguish from real objects, especially against sophisticated attackers who may be aware of the use of decoys. A key issue is that both real and decoy objects may have observable features that may give the attacker the ability to distinguish one from the other. However, a defender deploying decoys may be able to modify some features of either the real or decoy objects (at some cost) making the decoys more effective. We present a game-theoretic model of two-sided deception that models this scenario. We present an empirical analysis of this model to show strategies for effectively concealing decoys, as well as some limitations of decoys for cyber security

Towards improving the security of low-interaction honeypots: insights from a comparative analysis

The recent increase in the number of security attacks by cyber-criminals on small businesses meant that security remained a concern for such organizations. In many such cases, detecting the attackers remained a challenge. A common tool to augment existing attack detection mechanisms within networks involves the use of honeypot systems. A fundamental feature of low-interaction honeypots is to be able to lure intruders, but the effectiveness of such systems has nevertheless been affected by various constraints. To be able to secure honeypots systems, it is important to firstly determine its requirements, before taking appropriate actions to ensure that the identified requirements have been achieved. This paper critically examines how existing low-interaction honeypot systems abide to major requirements before recommending how their security could be improved

Defense-through-Deception Network Security Model: Securing University Campus Network from DOS/DDOS Attack

Denial of Service (DOS) and (DDOS) Distributed Denial of Service attacks have become a major security threat to university campus network security since most of the students and teachers prepare online services such as enrolment, grading system, library etc. Therefore, the issue of network security has become a priority to university campus network management. Using online services in university network can be easily compromised. However, traditional security mechanisms approach such as Defense-In-Depth (DID) Model is outdated in today’s complex network and DID Model has been used as a primary cybersecurity defense model in the university campus network today. However, university administration should realize that Defense-In-Depth (DID) are playing an increasingly limited role in DOS/DDoS protection and this paper brings this fact to light. This paper presents that the Defense-In-Depth (DID) is not capable of defending complex and volatile DOS/DDOS attacks effectively. The test results were presented in this study in order to support our claim. The researchers established a Defense-In-Depth (DID) Network model at the Central Luzon State University and penetrated the Network System using DOS/DDOS attack to simulate the real network scenario. This paper also presents the new approach Defense-through-Deception network security model that improves the traditional passive protection by applying deception techniques to them that give insights into the limitations posed by the Defense-In-Depth (DID) Model. Furthermore, this model is designed to prevent an attacker who has already entered the network from doing damage

To Deceive or not Deceive: Unveiling The Adoption Determinants Of Defensive Cyber Deception in Norwegian Organizations

Due to the prevailing threat landscape in Norway, it is imperative for organizations to safe- guard their infrastructures against cyber threats. One of the technologies that is advan- tageous against these threats is defensive cyber deception, which is an approach in cyber security that aims to be proactive, to interact with the attackers, trick them, deceive them and use this to the defenders advantage. This type of technology can help organizations defend against sophisticated threat actors that are able to avoid more traditional defensive mechanisms, such as Intrusion Detection Systems (IDS) or Intrusion Prevention Systems (IPS). In order to aid the adoption of defensive cyber deception in Norway, we asked the question: "What affects the adoption of defensive cyber deception in organizations in Nor- way?". To answer this question, we utilized the Technology, Organization, and Environment (TOE) Framework to identity what factors affect an organization’s adoption of defensive cyber deception. Through our use of the framework, we identified eighteen different factors which affect an organization’s adoption of defensive cyber deception. These factors are the product of the empirical data analysis from eight different semi-structured interview with individuals from six different organizations in Norway. The main theoretical implications of our research is the introduction of a TOE model for defensive cyber deception, focusing specifically on organizations in Norway as well as contributing with a maturity estimate model for defensive cyber deception. For the practical implications of our research, we have identified seven different benefits that defensive cyber deception provides. We are also con- tributing to raising the awareness of defensive cyber deception in Norwegian research and we hope that our TOE model can aid organizations that are considering adopting the tech- nology. We hope that these implications and contributions can act as a spark for both the adoption of defensive cyber deception in organizations as well as the start of a new wave for the cyber security researchers within Norway. Keywords: Cyber Security, Defensive Cyber Deception, TOE Framework, Adoptio