Modeling the effects of amount and timing of deception in simulated network scenarios

Abstract

With the growth of digital infrastructure, cyber-attacks are increasing in the real-world. Cyber-attacks are deliberate exploitation of computer systems, technology-dependent enterprises, and networks. Deception, i.e., the act of making someone believe in something that is not true, could be a way of countering cyber-attacks. In this paper, we propose a real-time simulation environment (“Deception Game”), which we used to evaluate and model the decision making of hackers in the presence of deception. In an experiment, using a repeated Deception Game (N = 100 participants), we analyzed the effect of two factors on participants' decisions to attack a computer network: amount of deception used and the timing of deception. Across 10-attack trials, the amount of deception used was manipulated at 2-levels: low and high. The timing of deception was manipulated at 2-levels: early and late. Results revealed that using late and high deception caused a reduction in attacks on regular webserver compared to early and low deception. Furthermore, we developed a cognitive model of hacker's decision-making using Instance-Based Learning (IBL) Theory, a theory of decisions from experience. The parameters obtained from the model helped explain the reasons for our experimental results.