Karl N. Levitt
CNS Division of Computer and Network Systems
CSE Directorate for Computer & Information Science & Engineering
Start Date:
October 1, 2004
Expires:
September 30, 2007 (Estimated)
Awarded Amount to Date:
$418350
Investigator(s):
Neil Rowe ncrowe@nps.edu (Principal Investigator)
Sponsor:
Naval Postgraduate School
1 University Circle
Monterey, CA 93943 831/656-2099
NSF Program(s):
ITR-CYBERTRUST
Field Application(s):
0000912 Computer Science
Program Reference Code(s):
HPCC,9218,7254
Program Element Code(s):
V979,V474,7456
ABSTRACT
Proposal Number: CNS-0429411
Title: Defense from Cyber-Attack Using Deception
PI: Neil C. Rowe
This research focuses on building testable computational models of deception including the major sub-phenomena of trust, expectation, suspicion, surprise, deception plans, and manufactured patterns. Such models and an associated theory can be used to explain both offensive deceptions (to gain some advantage) and defensive deceptions (to foil someone else's plans). Using these models, the research will develop deceptive software as a second line of defense for computer systems under attack when access controls have been breached. Deception can mislead attackers as to the state of an information system with false error messages, deliberate delays in executing commands, lies about task completion, fake displays, disinformation about computer resources, and coordinated fake clues. Producing a convincing deception requires careful planning because people can often recognize suspicious patterns. So this research will develop plans to apply deception sparingly and thoughtfully based on a theory of trust and its psychological consequences. This will include ideas such as counterplanning against plans and a general theory of the effectiveness of excuses. Other issues to be addressed include the penalty of deceiving nonmalicious users and the ethical concerns raised by deliberate deception.
PUBLICATIONS PRODUCED AS A RESULT OF THIS RESEARCH
A. Armold, B. Hyla, and N. C. Rowe. "Automatically building an information-security vulnerability database," 7th IEEE Workshop on Information Assurance, West Point, NY, 2006, p. 376.
B. Ozkan, N. C. Rowe, S.H. Calfee, & J. E. Hiles. "Three simulation models of naval air defense," International Command and Control Research and Technology Symposium, McLean, Virginia, 2005.
Calfee, SH; Rowe, NC. "Multi-agent simulation of human behavior in naval air Defense," NAVAL ENGINEERS JOURNAL, v.116, 2004, p. 53-64.
K. G. Labbe, N. C. Rowe, and J. D. Fulp. "A methodology for evaluation of host-based intrusion-prevention systems and its application," 7th IEEE Workshop on Information Assurance, West Point, NY, 2006, p. 378.
L. Laribee, D. S. Barnes, N. C. Rowe, and C. H. Martell. "Analysis and defensive tools for social-engineering attacks on computer systems," 7th IEEE Workshop on Information Assurance, West Point, NY, 2006, p. 388.
M. McVicker, P. Avellino, and N.C. Rowe. "Automated retrieval of security statistics from the World Wide Web," 8th IEEE Information Assurance Workshop, West Point, NY, 2007, p. 355.
N. C. Rowe, D. S. Barnes, M. McVicker, M. Egan, R. Betancourt, R. Toledo, D. Horner, D. Davis, L. Guiterrez, and C. Martell. "Do word clues suffice in detecting spam and phishing?," 8th IEEE Information Assurance Workshop, West Point, NY, 2007, p. 14.
N. C. Rowe, H. C. Goh, S. L. Lim, & B. T. Duong. "Experiments with a testbed for automated defensive deception planning for cyber-attacks," Second International Conference on I-Warfare and Security, Monterey, CA, 2007.
N. C. Rowe, J. Wintrode, J. Sparks, J. Vorrath, & M. Lear. "Deep versus broad methods for automatic extraction of intelligence information," International Command and Control Research and Technology Symposium, McLean, Virginia, 2005.
Neil C. Rowe. "Detecting suspicious behavior from only positional data with distributed sensor networks," 5th International Conference on Multibody Systems, Nonlinear Dynamics and Control, Long Beach, California, 2005.
Neil C. Rowe. "Automatic detection of fake file systems," International Conference on Intelligence Analysis Methods and Tools, McLean, Virginia, 2005.
Neil C. Rowe. "Measuring the effectiveness of honeypot counter-counterdeception," Hawaii International Conference on Systems Sciences, Poipu, HI, 2006.
Neil C. Rowe. "Planning cost-effective deceptive resource denial in defense to cyber-attacks," Second International Conference on I-Warfare and Security, Monterey, CA, 2007.
Neil C. Rowe. "A taxonomy of deception in cyberspace," International Conference on Information Warfare and Security, Princess Anne, MD, 2006, p. 173.
Neil C. Rowe. "Designing good deceptions in defense of information systems," Computer Security Applications Conference, Tucson, AZ, 2004, p. 418.
Neil C. Rowe. "Finding logically consistent resource-deception plans for defense in cyberspace," 3rd International Symposium on Security in Networks and Distributed Systems, Niagara Falls, Ontario, Canada, 2007, p. 563.
Neil C. Rowe. "Cheating in online student assessment: beyond plagiarism," On-Line Journal of Distance Learning Administration, 2004.
Neil C. Rowe. "Detecting suspicious behavior from positional information," Workshop on Modeling Others from Observations, Intl. Joint Conference on Artificial Intelligence, Edinburgh, UK, 2005.
Neil C. Rowe and Han C. Goh. "Thwarting cyber-attack reconnaissance with inconsistency and deception," 8th IEEE Information Assurance Workshop, West Point, NY, 2007, p. 151.
Neil C. Rowe and Hy S. Rothstein. "Two taxonomies of deception for attacks on information systems," Journal of Information Warfare, v.3, 2004, p. 27.