Researchers working to make it harder for attackers to know when a system begins to detect and deceive a bad actor.
Can you deceive a deceiver? That's the question that computer scientists at Binghamton University, State University of New York have recently been exploring.
Their study was inspired by the 2013 Target data breach that affected 41 million consumers and cost Target $18.5 million, and the 2017 Equifax hack which exposed the personal information of 147.7 million Americans. Both of these were what can be classified as Advanced Persistent Threats (APTs).
Cyber deception is a responsive technique that puts malicious hackers into a fake environment once the system detects a hack in progress.
In the abstract of the study, the researchers wrote that "the main objective of our work is to ensure deception consistency: when the attackers are trapped, they can only make observations that are consistent with what they have seen already so that they cannot recognize the deceptive environment."
They found that this focus on only showing attackers what has been seen before increases the efficiency of the deception
The deception consistency method that is being created was tested on college students who had recently completed a cybersecurity course. The students were asked to act like malicious hackers, with some ending up in the deceptive environment.
The researchers found that because the deceptive environment was consistent with what students had previously seen, most did not realize they had entered into the deception.
Although the deception consistency may make it more difficult for APT attackers to recognize the deception, the researchers were clear that their proposed method is not a cure-all for things like what happened to Target and Equifax.