Beginning with our pilot studies, cyber deception has been shown to have a measurable impact on attacker performance. In the pilot, more time was spent on decoys than real machines, and there was increased confusion about the network. In addition, attackers frequently misidentified the real nodes as decoys. The pilot studies also suggest that simply thinking deception is present impedes success.
The Moonraker study demonstrated that host-based deception effectively hinders progress, prevents task completion, and induces increased confusion and surprise in computer specialists attempting to exfiltrate targeted information from a network. While the analysis of the results from the Tularosa study are ongoing, what has been discovered to date reinforces the utility of deception for cyber defense. Attackers were quickly detected in the system and generally fooled by the techniques employed, even when notified of deception’s presence. We expect to gain additional valuable insights by continuing to analyze the Tularosa data set.
Finally, the upcoming investigation into the effects of oppositional human factors opens a new arena in cybersecurity research.Scientifically rigorous human subjects research is necessary to truly evaluate the effectiveness of cyber deception on attackers’ progress and to understand the effects of deception on attackers’ decision-making processes.
While cyberpsychology is a relatively new field, the field of psychology is over a century old and provides the methodology to minimize experimental bias and maximize control of our experiments in order to produce statistically sound and empirically valid results. In the realm of cyber defense, the ability to impact the decision-making of attackers and cause them to waste both time and effort as well as expose their presence in the network through the use of deception or oppositional human factors has the potential to shift the asymmetry of cyber defense in our favor.