Visible to the public Biblio

Filters: Keyword is Cognitive Security  [Clear All Filters]
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z   [Show ALL]
A
Abdul Rahman.  2019.  Tricking attackers through the art of deception. Help Net Security.

The purpose of using deception technology in cybersecurity is to misdirect or lure attackers away from valuable technology assets once they have successfully infiltrated a network, using traps or decoys. Deception technology can also be used to further learn about the motives and tactics of attackers. Several components are required for the effective performance of deception. 

Abdul Rahman.  2019.  Tricking attackers through the art of deception. Help Net Security.

In cybersecurity, deception is redundant if it cannot misdirect, confuse, and lure attackers into traps and dead-ends. It is the art of tricking attackers into overextending and exposing themselves. To deceive attackers, an organization’s security team must see things from the adversary’s perspective.

Amelia Acker.  2018.  Data craft: the manipulation of social media metadata. Analysis and Policy Observatory.

The manipulation of social media metadata by bad actors for the purpose of creating more powerful disinformation campaigns was explored. It has been argued that disinformation campaigns can be detected and combatted by understanding data craft.

Andrew Bushby.  2019.  How deception can change cyber security defences. Science Direct. 2019(1):12-14.

Deception technology is used to lure, detect and defend against attacks. Deception technology should be used within organizations. There are five ways that deception technology is changing the cyber security landscape.

Andy Greenberg.  2018.  Russian Hacker False Flags Work - Even After They're Exposed. Wired.

Hackers often perform deception through the use of false flag operations. False flags allow nation-state actors to pose as others in order to further complicate attribution. Russian hackers planted destructive malware, called the "Olympic Destroyer", which contained code deriving from other well-known attacks launched by different hacking groups. This discovery highlights the evolution of deceptive tactics used by hackers.  

Austin Whipple.  2016.  Hacker Psychology: Understanding the 4 Emotions of Social Engineering. Better Cloud.

The underlying psychological elements of social engineering attacks must be further explored by security researchers to help develop better strategies for protecting end user from such attacks. Hackers often try to evoke emotions or behavioral behaviors such as fear, obedience, greed, and helpfulness, in the launch of social engineering attacks. 

B
B. Biggio, g. fumera, P. Russu, L. Didaci, F. Roli.  2015.  Adversarial Biometric Recognition : A review on biometric system security from the adversarial machine-learning perspective. IEEE Signal Processing Magazine. 32:31-41.

In this article, we review previous work on biometric security under a recent framework proposed in the field of adversarial machine learning. This allows us to highlight novel insights on the security of biometric systems when operating in the presence of intelligent and adaptive attackers that manipulate data to compromise normal system operation. We show how this framework enables the categorization of known and novel vulnerabilities of biometric recognition systems, along with the corresponding attacks, countermeasures, and defense mechanisms. We report two application examples, respectively showing how to fabricate a more effective face spoofing attack, and how to counter an attack that exploits an unknown vulnerability of an adaptive face-recognition system to compromise its face templates.

Barford, Paul, Dacier, Marc, Dietterich, Thomas G., Fredrikson, Matt, Giffin, Jon, Jajodia, Sushil, Jha, Somesh, Li, Jason, Liu, Peng, Ning, Peng et al..  2010.  Cyber SA: Situational Awareness for Cyber Defense. Cyber Situational Awareness: Issues and Research. 46:3–13.

Cyber SA is described as the current and predictive knowledge of cyberspace in relation to the Network, Missions and Threats across friendly, neutral and adversary forces. While this model provides a good high-level understanding of Cyber SA, it does not contain actionable information to help inform the development of capabilities to improve SA. In this paper, we present a systematic, human-centered process that uses a card sort methodology to understand and conceptualize Senior Leader Cyber SA requirements. From the data collected, we were able to build a hierarchy of high- and low- priority Cyber SA information, as well as uncover items that represent high levels of disagreement with and across organizations. The findings of this study serve as a first step in developing a better understanding of what Cyber SA means to Senior Leaders, and can inform the development of future capabilities to improve their SA and Mission Performance.

C
C. Wang, Z. Lu.  2018.  Cyber Deception: Overview and the Road Ahead. IEEE Security Privacy. 16:80-85.

Since the concept of deception for cybersecurity was introduced decades ago, several primitive systems, such as honeypots, have been attempted. More recently, research on adaptive cyber defense techniques has gained momentum. The new research interests in this area motivate us to provide a high-level overview of cyber deception. We analyze potential strategies of cyber deception and its unique aspects. We discuss the research challenges of creating effective cyber deception-based techniques and identify future research directions.

Caleb Townsend.  2019.  Deepfake Technology: Implications for the Future. U.S. Cybersecurity Magazine.

Deepfakes' most menacing consequence is their ability to make us question what we are seeing. The more popular deepfake technology gets, the less we will be able to trust our own eyes.

Carolyn Crandall.  2017.  Advanced Deception: How It Works & Why Attackers Hate It. Dark Reading.

The growing complexity and frequency of cyberattacks call for advanced methods to enhance the detection and prevention of such attacks. Deception is a cyber defense technique that is drawing more attention from organizations. This technique could be used to detect, deceive, and lure attackers away from sensitive data upon infiltration into a system. It is important to look at the most common features of distributed deception platforms such as high-interaction deception, adaptive deception, and more. 

Carolyn Crandall.  2016.  The ins and outs of deception for cyber security. Network World.

New deception technologies bring a heightened level of aggressiveness in addressing cyberattacks.  Dynamic deception steps in, when prevention systems fail, and provides organizations with an efficient way to continuously detect intrusions with high interaction traps, engagement servers, and luring techniques to engage attackers. It does this without requiring additional IT staff to manage the solution.

Carolyn Crandall.  2019.  You’ve Been Deceived about Deception Technology. Cyber Defense Magazine.

There are three misconceptions about deception technology in regard to its value, complexity, and application. Deception technology is valuable in that it provides accurate detection of attacks. Deceptions are organized, deployed, and managed by modem deception technology through the use of machine learning. Different Organizations of all sizes and types can apply deception in their cybersecurity strategies.

Casey Newton.  2019.  People older than 65 share the most fake news, a new study finds. The Verge.

This article pertains to cognitive security. Older users shared more fake news than younger ones regardless of education, sex, race, income, or how many links they shared. In fact, age predicted their behavior better than any other characteristic -- including party affiliation.

Chris Bing.  2018.  Winter Olympics hack shows how advanced groups can fake attribution. Cyber Scoop.

A malware attack that disrupted the opening ceremony of the 2018 Winter Olympics highlights false flag operations. The malware called the "Olympic Destroyer" contained code deriving from other well-known attacks launched by different hacking groups. This lead different cybersecurity companies to accuse Russia, North Korea, Iran, or China.

Clint Watts.  2019.  The National Security Challenges of Artificial Intelligence, Manipulated Media, and 'Deepfakes'. Foreign Policy Research Institute.

The spread of Deepfakes via social media platforms leads to disinformation and misinformation. There are ways in which the government and social media companies can prevent to prevent Deepfakes.

Cranford, Edward A, Gonzalez, Cleotilde, Aggarwal, Palvi, Lebiere, Christian.  2019.  Towards Personalized Deceptive Signaling for Cyber Defense Using Cognitive Models.

Recent research in cybersecurity has begun to develop active defense strategies using game-theoretic optimization of the allocation of limited defenses combined with deceptive signaling. While effective, the algorithms are optimized against perfectly rational adversaries. In a laboratory experiment, we pit humans against the defense algorithm in an online game designed to simulate an insider attack scenario. Humans attack far more often than predicted under perfect rationality. Optimizing against human bounded rationality is vitally important. We propose a cognitive model based on instancebased learning theory and built in ACT-R that accurately predicts human performance and biases in the game. We show that the algorithm does not defend well, largely due to its static nature and lack of adaptation to the particular individual’s actions. Thus, we propose an adaptive method of signaling that uses the cognitive model to trace an individual’s experience in real time, in order to optimize defenses. We discuss the results and implications of personalized defense.

Cristiano De Faveri, Ana Moreira, Vasco Amaral.  2018.  Multi-paradigm deception modeling for cyber defense. Science Direct. 141:32-51.

Security-critical systems demand multiple well-balanced mechanisms to detect ill-intentioned actions and protect valuable assets from damage while keeping costs in acceptable levels. The use of deception to enhance security has been studied for more than two decades. However, deception is still included in the software development process in an ad-hoc fashion, typically realized as single tools or entire solutions repackaged as honeypot machines. We propose a multi-paradigm modeling approach to specify deception tactics during the software development process so that conflicts and risks can be found in the initial phases of the development, reducing costs of ill-planned decisions. We describe a metamodel containing deception concepts that integrates other models, such as a goal-oriented model, feature model, and behavioral UML models to specify static and dynamic aspects of a deception operation. The outcome of this process is a set of deception tactics that is realized by a set of deception components integrated with the system components. The feasibility of this multi-paradigm approach is shown by designing deception defense strategies for a students’ presence control system for the Faculty of Science and Technology of Universidade NOVA de Lisboa.

D
Dan Woods.  2018.  How Deception Technology Gives You The Upper Hand In Cybersecurity. Forbes.

Deception technology gives defenders a rare advantage against attackers by doing something that other forms of cybersecurity don’t, it provides early and accurate detection by laying a minefield of attractive decoy systems and content to trip up attackers.

Daniel Fraunholz, Simon Duque Anton, Christoph Lipps, Daniel Reti, Daniel Krohmer, Frederic Pohl, Matthias Tammen, Hans Dieter Schotten.  2018.  Demystifying Deception Technology: A Survey. Arxiv.

It was concluded that deception technology  is a beneficial extension for traditional IT- security. Emphasis was placed on requirement categories, such as psychological, formal, legal and ethical, as well as on recent trends, such as VMI and the field of industrial and critical infrastructure security. 

Dave Bernard.  2018.  Deception technology applied to pharma cybersecurity. Search Health IT.

Due to the increase in use of automation and virtualization, deception technology may make inroads into healthcare. This article is about one pharmaceutical company's approach to using the deception technology.

Dave Climek, Anthony Macera, Walt Tirenin.  2016.  Cyber Deception. Cyber Security and Information Systems Information Analysis Center Journal. 4(1)

Defense through deception can potentially level the cyber battlefield by altering an enemy’s perception of reality through delays and disinformation which can reveal attack methods and provide the attributions needed to identify the adversary’s strategy

Devin Coldewey.  2019.  To Detect Fake News, This AI First Learned to Write it. Tech Crunch.

Naturally Grover is best at detecting its own fake articles, since in a way the agent knows its own processes. But it can also detect those made by other models, such as OpenAI's GPT2, with high accuracy.

Dorje Brody, David Meier.  2018.  Mathematicians to Help Solve the Fake News Voting Conundrum. University of Surrey News.

Mathematicians revealed a mathematical model of fake news. This model can be used to help lawmakers mitigate the impact of fake news.

Doron Kolton.  2018.  5 ways deception tech is disrupting cybersecurity. The Next Web.

Enterprises and their Security Operations Centers (SOCs) are under siege. Security events are being triggered from all corners of the security stack – from the firewall, endpoints, and servers, from intrusion detection systems and other security solutions.

Here are the five ways deception tech is disrupting cybersecurity:
•    Maximum accuracy with minimal human investment
•    Get personal with your business
•    Ensure a post-breach defense for any type of attack
•    Triggers threat hunting operations
•    Empowers organizations towards strategy and active defense