Deception Detection in Cyber Conflicts

Jim Q. Chen
International Journal of Cyber Warfare and Terrorism, published 2020-01-01
DOI: 10.4018/978-1-7998-2466-4.ch014 (https://doi.org/10.4018/978-1-7998-2466-4.ch014)
Citation count: 1

Abstract

Deception is a strategy that has been widely used in cyber conflicts. Detecting deception in a timely manner is always a challenge, especially for a cyber commander who is at the point of making decisions about the actual target to go after, the exact location of the target, the start and end time of a cyber operation, the type of cyber operation, the way of launching it, and the amount of resources and support needed. It is essential for a cyber commander to know for sure that he/she is not being deceived by an adversary, so that he/she can make the right decisions. Various solutions exist. However, they are either too narrow or too broad. Solutions represented by signature technology are narrow in scope, so they cannot deal with deception that they have not handled before. Solutions represented by behavioral analysis are relatively broad, so they require extra time to readjust their focus, incorporate contextual information, and combine heterogeneous data resources in order to arrive at exactly what is needed. In addition, in most cases contexts are used in analysis at random rather than systematically. Even when contexts are included in analysis, their relations with the relevant events are not well explored in these solutions. To address these issues, this paper proposes a new strategic and systematic solution that applies the Operational-Level Cybersecurity Strategy Formation Framework. This new solution employs purpose analysis, contextual analysis, and risk analysis. A case study is provided to test the effectiveness of this solution in detecting deception in a timely manner. The benefits and limitations of this solution are discussed. The capabilities of the Operational-Level Cybersecurity Strategy Formation Framework are clearly demonstrated through this use case.