DocumentCode :
547498
Title :
Using a novel behavioral stimuli-response framework to Defend against Adversarial Cyberspace Participants
Author :
Bilar, Daniel ; Saltaformaggio, Brendan
Author_Institution :
Dept. of Comput. Sci., Univ. of New Orleans, New Orleans, LA, USA
fYear :
2011
fDate :
7-10 June 2011
Firstpage :
1
Lastpage :
16
Abstract :
Autonomous Baiting, Control and Deception of Adversarial Cyberspace Participants (ABCD-ACP) is an experimental defensive framework against potentially adversarial cyberspace participants, such as malicious software and subversive insiders. By deploying fake targets (called baits/stimuli) onto a virtualized environment, the framework seeks to probabilistically identify suspicious participants through aggregate suspicious behavior, subvert their decision structure and goad them into a position favorable to the defense. Baits include simulating insertion of readable and writable drives with weak or no password, marked doc/pdf/txt/exe/cad/xls/dat files, processes with popular target names and processes that detect thread injections. This approach bears some similarities to the concept of subverting an enemy's OODA (Observe, Orient, Decide, and Act) loop, an information warfare strategy which seeks to proactively influence and change enemy behavior. By controlling perception of the environment, this approach similarly seeks to influence adversarial participants' decision complexity, noise levels, effectiveness and ultimately their ability to fulfill their mission. This is a work in progress: The conceptual framework is described, and implemented baits and preliminary empirical results are presented. The long term project end vision is an autonomic framework playing a repeated, dynamic, imperfect information, non-cooperative stimuli-response game which probabilistically identifies, then impedes, quarantines, subverts, possibly attributes and possibly inoculates against suspected adversarial cyberspace participants.
Keywords :
computer viruses; virtualisation; work in progress; adversarial cyberspace participants; autonomous baiting-control-deception; behavioral stimuli-response framework; decision structure; doc-pdf-txt-exe-cad-xls-dat files; enemy behavior; fake targets; information warfare strategy; noncooperative stimuli-response game; observe-orient-decide-act loop; readable-writable drives; suspicious behavior; suspicious participants; thread injections; virtualized environment; work in progress:; Aggregates; Complexity theory; Cyberspace; Games; Malware; Probabilistic logic; Software; behavior; dynamic game; malware; stimuli; virtualization;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Cyber Conflict (ICCC), 2011 3rd International Conference on
Conference_Location :
Tallinn
Print_ISBN :
978-1-61284-245-5
Electronic_ISBN :
978-9949-9040-3-7
Type :
conf
Filename :
5954708