• DocumentCode
    2274728
  • Title

    Designing good deceptions in defense of information systems

  • Author

    Rowe, Neil C.

  • Author_Institution
    Cebrowski Inst., US Naval Postgraduate Sch., Monterey, CA, USA
  • fYear
    2004
  • fDate
    6-10 Dec. 2004
  • Firstpage
    418
  • Lastpage
    427
  • Abstract
    Since attackers trust computer systems to tell them the truth, it may be effective for those systems to lie or mislead This could waste the attacker\´s resources while permitting time to organize a better defense, and would provide a second line of defense when access controls have been breached. We propose here a probabilistic model of attacker beliefs in each of a set of "generic excuses" (including deception) for their inability to accomplish their goals. We show how the model can be updated by evidence presented to the attacker and feedback from the attacker\´s own behavior. We show some preliminary results with human subjects supporting our theory. We show how this analysis permits choosing appropriate times and methods to deceive the attacker.
  • Keywords
    authorisation; information systems; access controls; deception planning; defense; information system; probabilistic model; Access control; Control systems; Feedback; Forensics; Humans; Information systems; Internet; Military computing; Protection; Technological innovation;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Computer Security Applications Conference, 2004. 20th Annual
  • ISSN
    1063-9527
  • Print_ISBN
    0-7695-2252-1
  • Type

    conf

  • DOI
    10.1109/CSAC.2004.16
  • Filename
    1377249
    • Link To Document
    https://search.isc.ac/dl/search/defaultta.aspx?DTC=49&DC=2274728