'It's Not Paranoia If They're Really After You'¹: When Announcing Deception Technology Can Change Attacker Decisions
Files
(Published version)
Date
2025
Authors
Reeves, A.
Ashenden, D.
Editors
Bui, T.X.
Advisors
Journal Title
Journal ISSN
Volume Title
Type:
Conference paper
Citation
Proceedings of the ... Annual Hawaii International Conference on System Sciences. Annual Hawaii International Conference on System Sciences, 2025 / Bui, T.X. (ed./s), pp.1086-1095
Statement of Responsibility
Andrew Reeves, Debi Ashenden
Conference Name
58th Hawaii International Conference on System Sciences (HICSS) (7 Jan 2025 - 10 Jan 2025 : Honolulu, HI)
Abstract
As organisations continue to adopt deception technology, adversaries are becoming aware of this technology. Little is known, however, about how this awareness changes the attacker’s behaviour as they navigate a victim's network. Concurrently, work is being done to build algorithms that predict attacker paths to recommend where to place deceptive assets, but it is not clear whether attacker awareness of deception alters their behaviour sufficiently to render these algorithms ineffective. We present an ongoing mixed method study to better understand how attackers move through a network when they are aware of the presence of deception. Thematic analysis of think-aloud sessions revealed three key decisionmaking themes. Themes suggest that several industry heuristics for the use of decoys may be inaccurate and impact the efficacy of decoy placement strategies. In addition, effect sizes indicate that awareness of deception leads attackers to take longer paths through the network, although no more decoys were required to detect them.
School/Discipline
Dissertation Note
Provenance
Description
Decision Analytics and Service Science Track. Mini Track 9. Cyber Deception and Cyberpsychology for Defense.
Access Status
Rights
Attribution-NonCommercial-NoDerivatives 4.0 International (CC BY-NC-ND 4.0)