The Role of Deceptive Defense in Cyber Strategy
Abstract
This thesis examines the role of deceptive defense in cyber strategy and contributes a new practical concept to aid in its implementation. In The Art of War, Sun Tzu stated, "All warfare is based on deception." Cyber conflict should pose no exception. The ability to operate anonymously in the cyber domain enables attackers to operate with some degree of impunity, as the attribution of their identities is a complex, costly, and imperfect process. However, defenders can utilize cyber deception to improve network security and enhance both forensic and potential retaliatory cyber operations. This work introduces Deceptive Resistance to Adversary Cyber Operations (DRACO), a concept that simulates active network resources while remaining outside of a secure network perimeter. In this respect it differs from traditional honeypot deployments that are either within the network or completely detached. DRACO offers a deception-as-a-service architecture, requiring limited integration effort and offering cloud hosting potential. During experimentation on a live network, DRACO successfully redirected attacks that were intended for authentic endpoints and revealed insights pertaining to the attack patterns on active and inactive addresses within a network. Additionally, DRACO presents an opportunity to engage with the adversary, which in turn can enable the identification of an ongoing attack, support adversary attribution, and assist in the preparation of retaliatory options.
Document Details
- Document Type: Technical Report
- Publication Date: Jun 01, 2023
- Accession Number: AD1213177
Entities
People
- Mathieu Couillard
Organizations
- Naval Postgraduate School