An Exploratory Study of a Masking Strategy of Cyberdeception Using CyberVAN
Abstract
To our knowledge, this is the first formal study conducted to verify the potential effectiveness of masking as a deception technique against human attackers in cybersecurity situations. A proposed masking algorithm of defense was compared to a random masking mapping. We observe that the Optimal algorithm tends to lead to more successful attacks but also to lower attackers rewards compared to the Random algorithm. Also, generally human attackers rewards are lower than the expected rational attackers rewards. A more detailed analysis of the attack decisions revealed that participants acted in agreement to a certainty bias (Baron et al., 1988), or risk aversion, as they tried to attack machines where the probability of success was high, even when the potential reward was low. This concrete observation from our action data was supported by a post-experiment questionnaire where participants mentioned that they calculated probabilities before launching an attack.
Document Details
- Document Type
- Technical Report
- Publication Date
- Jul 28, 2020
- Accession Number
- AD1142583
Entities
People
- Aditya Mate
- Christian Lebiere
- Cleotilde Gonzalez
- Edward A Cranford
- Milind Tambe
- Omkar Thakoor
- Palvi Aggarwal
Organizations
- Carnegie Mellon University