Designing Deception Operations for Computer Network Defense

2005 
Deception is an appealing means for computer network defense (CND), as it pits the defender's strengths against the hacker's weaknesses. Hackers rely heavily, if not exclusively, on a single source of information: network data. That data is easily manipulated, and so the hacker is highly vulnerable to deception. The defender has physical control of the network, and he knows the network well. Further, deception can be used to attack hackers' decision-making processes; thus deception provides an offensive security measure, something computer security defenders sorely lack.

This paper explains how deception operations can be designed and developed for CND, including incident response, intelligence, detection, and prevention. Deception processes, principles and techniques are presented. They are based on the underlying nature of deception and on the extensive military deception literature. The paper describes the process followed in deception operations, and it describes principles and techniques for developing and conducting deception operations. It focuses on deception principles that are of enduring use and independent of current technologies. For instance, honeypots are currently one of the most widely used deceptions; the paper uses honeypots to illustrate principles, but honeypots are not the paper's focus. This paper is an abridgement of a larger work that we hope to publish as a book.

Deception is an integral part of human nature and experience. However, few people use deception in the calculated manner needed for computer security. As military deception shows, effectively deceiving an adversary is a job skill. The principles of military deception are well documented in the military deception literature, and they are based on millennia of experience and thought. This paper adapts principles of military deception to computer security deception. In addition, one of this paper's authors has extensive experience in both military and intelligence deception.