Towards Intelligent Cyber Deception Systems

  • Fabio De Gaspari
  • Sushil JajodiaEmail author
  • Luigi V. Mancini
  • Giulio Pagnotta


The increasingly sophisticated nature of cyberattacks reduces the effectiveness of expert human intervention due to their slow response times. Consequently, interest in automated agents that can make intelligent decisions and plan countermeasures is rapidly growing. In this chapter, we discuss intelligent cyber deception systems. Such systems can dynamically plan the deception strategy and use several actuators to effectively implement the cyber deception measures. We also present a prototype of a framework designed to simplify the development of cyber deception tools to be integrated with such intelligent agents.



This work was partially funded by the Army Research Office under the grants W911NF-13-1-0421 and W911NF-15-1-0576, and by the Office of Naval Research under the grant N00014-15-1-2007.


  1. 1.
  2. 2.
    Docker platform.
  3. 3.
  4. 4.
    E. Al-Shaer. Toward Network Configuration Randomization for Moving Target Defense, pages 153–159. 2011.Google Scholar
  5. 5.
    K. G. Anagnostakis, S. Sidiroglou, P. Akritidis, K. Xinidis, E. Markatos, and A. D. Keromytis. Detecting targeted attacks using shadow honeypots. In Proceedings of the 14th Conference on USENIX Security Symposium - Volume 14, SSYM’05, pages 9–9, 2005.Google Scholar
  6. 6.
    F. Araujo, K. W. Hamlen, S. Biedermann, and S. Katzenbeisser. From patches to honey-patches: Lightweight attacker misdirection, deception, and disinformation. In Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, CCS ’14, pages 942–953, 2014.Google Scholar
  7. 7.
    B. M. Bowen, S. Hershkop, A. D. Keromytis, and S. J. Stolfo. Baiting inside attackers using decoy documents. In Security and Privacy in Communication Networks, pages 51–70.Google Scholar
  8. 8.
    M. L. Bringer, C. A. Chelmecki, and H. Fujinoki. A survey: Recent advances and future trends in honeypot research. In International Journal of Computer Network and Information Security, IJCNIS, 2012.Google Scholar
  9. 9.
    F. De Gaspari, S. Jajodia, L. V. Mancini, and A. Panico. Ahead: A new architecture for active defense. In Proceedings of the 2016 ACM Workshop on Automated Decision Making for Active Cyber Defense, SafeConfig ’16, 2016.Google Scholar
  10. 10.
    J. C. Giarratano and G. Riley. Expert Systems: Principles and Programming. Brooks/Cole Publishing Co., Pacific Grove, CA, USA, 1989.Google Scholar
  11. 11.
    I. J. Goodfellow, J. Shlens, and C. Szegedy. Explaining and Harnessing Adversarial Examples. ArXiv e-prints, 2014.Google Scholar
  12. 12.
    M. H. Hassoun. Fundamentals of Artificial Neural Networks. MIT Press, Cambridge, MA, USA, 1st edition, 1995.zbMATHGoogle Scholar
  13. 13.
    B. Hitaj, P. Gasti, G. Ateniese, and F. Perez-Cruz. PassGAN: A Deep Learning Approach for Password Guessing. ArXiv, 2017.Google Scholar
  14. 14.
    R. Hund, C. Willems, and T. Holz. Practical timing side channel attacks against kernel space ASLR. In 2013 IEEE Symposium on Security and Privacy, 2013.Google Scholar
  15. 15.
    S. Jajodia, K. A. Ghosh, V. Subrahmanian, V. Swarup, C. Wang, and S. X. Wang, editors. Moving Target Defense II: Application of Game Theory and Adversarial Modeling. Springer, 2013.Google Scholar
  16. 16.
    S. Jajodia, K. A. Ghosh, V. Swarup, C. Wang, and S. X. Wang, editors. Moving Target Defense: Creating Asymmetric Uncertainty for Cyber Threats. Springer, 2011.Google Scholar
  17. 17.
    A. Kott, L. V. Mancini, P. Théron, M. Drašar, E. Dushku, H. Günther, M. Kont, B. LeBlanc, A. Panico, M. Pihelgas, and K. Rzadca. Initial Reference Architecture of an Intelligent Autonomous Agent for Cyber Defense. ArXiv e-prints, 2018.Google Scholar
  18. 18.
    Y. LeCun, Y. Bengio, and G. Hinton. Deep learning. Nature, 521:436 EP –, May 2015.CrossRefGoogle Scholar
  19. 19.
    N. Papernot, P. McDaniel, S. Jha, M. Fredrikson, Z. B. Celik, and A. Swami. The limitations of deep learning in adversarial settings. In 2016 IEEE European Symposium on Security and Privacy (EuroS P), 2016.Google Scholar
  20. 20.
    N. Provos. A virtual honeypot framework. In Proceedings of the 13th Conference on USENIX Security Symposium - Volume 13, SSYM’04, 2004.Google Scholar
  21. 21.
    N. Provos and T. Holz. Detecting Honeypots, chapter in book: Virtual Honeypots: From Botnet Tracking to Intrusion Detection. Addison-Wesley Professional, 2007.Google Scholar
  22. 22.
    J. Saxe and K. Berlin. Deep neural network based malware detection using two dimensional binary program features. In 2015 10th International Conference on Malicious and Unwanted Software (MALWARE), 2015.Google Scholar
  23. 23.
    S. Seufert and D. O’Brien. Machine learning for automatic defence against distributed denial of service attacks. In 2007 IEEE International Conference on Communications, 2007.Google Scholar
  24. 24.
    D. Silver, A. Huang, C. J. Maddison, A. Guez, L. Sifre, G. van den Driessche, J. Schrittwieser, I. Antonoglou, V. Panneershelvam, M. Lanctot, S. Dieleman, D. Grewe, J. Nham, N. Kalchbrenner, I. Sutskever, T. Lillicrap, K. Leach, Madeleineand Kavukcuoglu, T. Graepel, and D. Hassabis. Mastering the game of Go with deep neural networks and tree search. Nature, 529:484 EP –, Jan 2016. Article.CrossRefGoogle Scholar
  25. 25.
    J. Yuill, M. Zappe, D. Denning, and F. Feer. Honeyfiles: deceptive files for intrusion detection. In Proceedings from the Fifth Annual IEEE SMC Information Assurance Workshop, 2004., pages 116–122.Google Scholar
  26. 26.
    L. Zhao and M. Mannan. Explicit authentication response considered harmful. In Proceedings of the 2013 New Security Paradigms Workshop, NSPW ’13, 2013.Google Scholar

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  • Fabio De Gaspari
    • 1
  • Sushil Jajodia
    • 2
    Email author
  • Luigi V. Mancini
    • 1
  • Giulio Pagnotta
    • 1
  1. 1.Sapienza University of RomeRomaItaly
  2. 2.George Mason UniversityFairfaxUSA

Personalised recommendations