Exploratory Data Analysis of Defensive Cyber Deception Experimentation

Abstract

The use of cyber deception is a powerful but underutilized practice for spoiling cyber-attacker activity from initial reconnaissance to actions on an objective. This dissertation applies exploratory data analysis techniques to network traffic data collected during the Tularosa study, the largest experiment of defensive cyber deception involving human subjects to date. Using a network-graph-based information technology artifact developed for this research, temporal variables of latency, frequency, and duration for system interactions were extracted from over 200 gigabytes of network traffic collected during the Tularosa study. Analysis of the data bolsters previous assertions that decoy-based deception is significantly more effective against cyber-attackers when the presence of deception is known, and suggests this impact is enduring. Distinct temporal patterns for aggregated network traffic for each experimental group were also identified. This research also provides the first application of factor analysis to data collected during the Tularosa study, which highlighted the key role of technical experience in explaining observed variance. Finally, quantum probability theory is explored as a potential model to explain variations in latency observed between the control and experimental groups, which may be the result of interference effect and/or order effect phenomena. Cyber-defenders can apply findings from this research to impede cyber-attacker activity.

Document Details

Document Type
Technical Report
Publication Date
Jun 01, 2023
Accession Number
AD1213635

Entities

People

  • Michael Senft

Organizations

  • Naval Postgraduate School

Tags

Communities of Interest

  • Cyber

DTIC Thesaurus Topics

  • Artifacts
  • Computing-Related Activities
  • Cyber Deception
  • Data Analysis
  • Data Science
  • Deception
  • Factor Analysis
  • Frequency
  • Gigabytes
  • Information Science
  • Information Systems
  • Probability
  • Reconnaissance
  • Theses

Fields of Study

  • Computer science

Readers

  • Brain and Cognitive Science; Experimental Psychology; Cognitive Neuroscience
  • Cybersecurity
  • Theoretical Analysis

Technology Areas

  • Cyber
  • Quantum Computing