Workshop on HoneyThings: Automated and Dynamic Cyber Deception

ARO Workshop on HoneyThings: Automated and Dynamic Cyber Deception--Project Summary Cyber warfare is a highly asymmetric game. Attackers can use many scenarios to attack cyber systems, but defenders have to detect and prevent all these scenarios, some of which unknown, to protect the system. With significantly growing attack surface, relying purely on detection and prevention techniques for cybersecurity is evidently insufficient. Cyber deception is a complementary technique that can be used to reverse this asymmetry. Its principle involves the deliberate introduction of misleading functionality or misinformation in order to trick attackers. Cyber deception works by diverting adversaries to false targets, consuming their valuable time and energy, creating uncertainty in their perception of the target environment, and potentially learning new attack tactics. However, developing effective cyber deception systems is a highly challenging task, which requires the system to be both attractive and believable. Specifically, most conventional deceptive instruments (e.g., honeypots) attract fewer attackers over time because their static configurations render them distinguishable from real targets. In fact, effective cyber deception will need dynamic characterization of attackersÕ profiles (e.g., sophistication level and objectives) via their observed actions (e.g., fuzzing activities) and adaptation based on the learned profiles, in order to deceive the attackers and learn new attack techniques and tactics. Therefore, effective cyber deception systems must have two properties: adaptation and automation. While adaptation enables a cyber deception system to blend with the surrounding environment and reshape its structure in order to keep the attacker engaged over time, automation is the foundation for timely and effective adaptation by minimizing human intervention. The main objective of this one-day workshop proposal is to bring together leading researchers from academia and industry as well as government agencies to identify the challenges of employing automated and dynamic cyber deception, exchange experiences, and propose joint plans for promoting research and development in this important area. Participants will have a unique opportunity to interact with leading experts in the field from all three communities. To facilitate such experiences, this proposal requests funding to defray travel support to about 20 invited speakers and participants who might otherwise be unable to attend this workshop. By providing a forum for face-to-face discussion on the important topic of automated and dynamic cyber deception, this workshop will offer an excellent pathway for researchers from academia, industry and government to establish or strengthen connections and increase impact of academic research in society. The presentations, discussion, conclusion and recommendations of this workshop will be disseminated through various channels and be posted on a dedicated web site.