Deception Detection in Cyber Conflicts

Abstract

Deception is a strategy that has been widely used in cyber conflicts. How to detect deception in a timely manner is always a challenge, especially for a cyber commander who is at the point of making decisions with respect to the actual target to go after, the exact location of the target, the starting and ending time of a cyber operation, the type of cyber operation, the way of launching the cyber operation, and the amount of resources and support needed. It is absolutely important for a cyber commander to know for sure that he/she is not deceived by an adversary so he/she will be able to make right decisions. Varied solutions do exist. However, they are either too narrow or too broad. The solutions represented by signature technology are narrow in scope, so that they are not capable of dealing with the deception that they have not handled before. The solutions represented by behavioral analysis are relatively broad, so that they require extra time to re-adjust their focuses, incorporate contextual information, and combine heterogeneous data resources in order to get to what is exactly needed. In addition, the use of contexts in analysis is at random and not in a systematic way in most cases. Even when contexts are included in analysis, their relations with the relevant events are not well explored in all these solutions. To address these issues, this paper proposes a new strategic and systematic solution applying the Operational-Level Cybersecurity Strategy Formation Framework. This new solution employs purpose analysis, contextual analysis, and risk analysis. A case study is provided to test the effectiveness of this solution in detecting deception in a timely manner. The benefits and limitations of this solution are discussed. The capabilities of the Operational-Level Cybersecurity Strategy Formation Framework are evidently proved via this use case.