Advertisement

From Cyber-Security Deception to Manipulation and Gratification Through Gamification

  • Xavier BellekensEmail author
  • Gayan Jayasekara
  • Hanan Hindy
  • Miroslav Bures
  • David Brosset
  • Christos Tachtatzis
  • Robert Atkinson
Conference paper
  • 921 Downloads
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11594)

Abstract

With the ever growing networking capabilities and services offered to users, attack surfaces have been increasing exponentially, additionally, the intricacy of network architectures has increased the complexity of cyber-defenses, to this end, the use of deception has recently been trending both in academia and industry. Deception enables to create proactive defense systems, luring attackers in order to better defend the systems at hand. Current applications of deception, only rely on static, or low interactive environments. In this paper we present a platform that combines human-computer-interaction, analytics, gamification and deception to lure malicious users into selected traps while piquing their interests. Furthermore we analyse the interactive deceptive aspects of the platform through the addition of a narrative, further engaging malicious users into following a predefined path and deflecting attacks from key network systems.

Keywords

Deception Cyber-security Manipulation Interactive defense 

References

  1. 1.
    Almeshekah, M.H., Spafford, E.H.: Planning and integrating deception into computer security defenses. In: Proceedings of the 2014 New Security Paradigms Workshop, pp. 127–138. ACM (2014)Google Scholar
  2. 2.
    Almeshekah, M.H., Spafford, E.H.: Cyber security deception. In: Jajodia, S., Subrahmanian, V.S.S., Swarup, V., Wang, C. (eds.) Cyber Deception, pp. 25–52. Springer, Cham (2016).  https://doi.org/10.1007/978-3-319-32699-3_2CrossRefGoogle Scholar
  3. 3.
    Barthes, R.: Lecture in inauguration of the chair of literary semiology, collège de france, January 7, 1977. Oxford Literary Rev. 4(1), 31–44 (1979)CrossRefGoogle Scholar
  4. 4.
    Bellekens, X.J., Tachtatzis, C., Atkinson, R.C., Renfrew, C., Kirkham, T.: GLoP: enabling massively parallel incident response through GPU log processing. In: Proceedings of the 7th International Conference on Security of Information and Networks, p. 295. ACM (2014)Google Scholar
  5. 5.
    Blohm, I., Leimeister, J.M.: Gamification. Bus. Inf. Sys. Eng. 5(4), 275–278 (2013)CrossRefGoogle Scholar
  6. 6.
    Buss, D.M.: Manipulation in close relationships: five personality factors in interactional context. J. Pers. 60(2), 477–499 (1992)CrossRefGoogle Scholar
  7. 7.
    Desolda, G., Ardito, C., Matera, M., Piccinno, A.: Mashing-up smart things: a meta-design approach. In: Proceedings of Workshop on End User Development in the Internet of Things Era, CHI 2015 EA, pp. 33–36 (2015)Google Scholar
  8. 8.
    Deterding, S., Dixon, D., Khaled, R., Nacke, L.: From game design elements to gamefulness: defining gamification. In: Proceedings of the 15th International Academic MindTrek Conference: Envisioning Future Media Environments, pp. 9–15. ACM (2011)Google Scholar
  9. 9.
    Faily, S.: Why designing for usability and security is hard. In: Faily, S. (ed.) Designing Usable and Secure Software with IRIS and CAIRIS, pp. 3–8. Springer, Cham (2018).  https://doi.org/10.1007/978-3-319-75493-2_1CrossRefGoogle Scholar
  10. 10.
    Han, X., Kheir, N., Balzarotti, D.: Deception techniques in computer security: a research perspective. ACM Comput. Surv. (CSUR) 51(4), 80 (2018)CrossRefGoogle Scholar
  11. 11.
    Heckman, K.E., Walsh, M.J., Stech, F.J., O’boyle, T.A., DiCato, S.R., Herber, A.F.: Active cyber defense with denial and deception: a cyber-wargame experiment. Comput. Secur. 37, 72–77 (2013)CrossRefGoogle Scholar
  12. 12.
    Hill, G., Bellekens, X.: Cryptoknight: generating and modelling compiled cryptographic primitives. Information 9(9), 231 (2018)CrossRefGoogle Scholar
  13. 13.
    McQueen, M.A., Boyer, W.F.: Deception used for cyber defense of control systems. In: 2nd Conference on Human System Interactions, HSI 2009, pp. 624–631. IEEE (2009)Google Scholar
  14. 14.
    Merien, T., Brosset, D., Bellekens, X., Claramunt, C.: A human-centred model for network flow analysis. In: 2018 2nd Cyber Security in Networking Conference (CSNet), pp. 1–6, October 2018.  https://doi.org/10.1109/CSNET.2018.8602913
  15. 15.
    Mérien, T., Bellekens, X., Brosset, D., Claramunt, C.: A spatio-temporal entropy-based approach for the analysis of cyber attacks (demo paper). In: Proceedings of the 26th ACM SIGSPATIAL International Conference on Advances in Geographic Information Systems, pp. 564–567. ACM (2018)Google Scholar
  16. 16.
    Nawrocki, M., Wählisch, M., Schmidt, T.C., Keil, C., Schönfelder, J.: A survey on honeypot software and data analysis. arXiv preprint arXiv:1608.06249 (2016)
  17. 17.
    Stech, F., Heckman, K.E., Hilliard, P., Ballo, J.R.: Scientometrics of deception, counter-deception, and deception detection in cyber-space. PsychNology J. 9(2) (2011)Google Scholar
  18. 18.
    Yuill, J.J., et al.: Defensive computer-security deception operations: processes, principles and techniques (2007)Google Scholar
  19. 19.
    Zhan, X., Nah, F.F.-H., Cheng, M.X.: An assessment of users’ cyber security risk tolerance in reward-based exchange. In: Nah, F.F.-H., Xiao, B.S. (eds.) HCIBGO 2018. LNCS, vol. 10923, pp. 431–441. Springer, Cham (2018).  https://doi.org/10.1007/978-3-319-91716-0_34CrossRefGoogle Scholar

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  • Xavier Bellekens
    • 1
    Email author
  • Gayan Jayasekara
    • 1
  • Hanan Hindy
    • 1
  • Miroslav Bures
    • 1
    • 3
  • David Brosset
    • 2
  • Christos Tachtatzis
    • 4
  • Robert Atkinson
    • 4
  1. 1.Division of Cyber-SecurityAbertay UniversityDundeeScotland
  2. 2.Chair of Naval Cyber DefenseEcole NavaleLanvéocFrance
  3. 3.Department of Computer Science, Faculty of Electrical EngineeringCzech Technical University in PraguePragueCzech Republic
  4. 4.Department of Electronic and Electrical EngineeringUniversity of StrathclydeGlasgowScotland

Personalised recommendations