Advanced cyber deception techniques

Cyber attacks are increasingly automated, however at their core are people, no matter how remote they are.

Prof Debi Ashenden and her team use a behavioural science perspective to develop new cyber deception techniques designed to deceive attackers and potentially change their behaviour.

She explains “Cyber deception measures are usually designed to entice would-be attackers to a specific place on the network which then triggers an alert and lets us know there is an active threat. Advanced cyber defence will see future cyber deception technology leverage behavioural science. The goal is to gain intelligence about an attacker’s tactics, techniques and procedures, whilst also shaping their behaviour and decision-making while they are inside our networks. The key is to create confusion in the attacker’s mind and, by extension, the automated algorithms that may be  
used against us.

“We gather knowledge of how security analysts and network defenders make decisions on potential responses during an attack. We then use information about these human cognitive processes to build a process to disrupt the attacker’s decision-making and make them waste time and resources. This allows our defence systems more time to respond to a threat, but also may cause enough doubt that the attacker thinks twice before attempting again.”

The next steps are to look at automating parts of this system and developing an online tool to allow organisations to be more proactive with their own  cyber security.

Prof Ashenden is the inaugural joint chair with DSTG in cybersecurity, a position that is co-funded by the University and DSTG. This work on cyber deception is funded under the NGTF cyber program and is closely aligned with DSTG’s Information Warfare STaR Shot.