Designing Good Deceptions in Defense of Information Systems

A
ACSAC
2004
20th Annual Computer Security Applications Conference (ACSAC'04)
Abstract - Designing Good Deceptions in Defense of Information Systems

	This Article
	Subscribers, please Login Purchase article: $19 PDF IEEE Xplore Subscribers RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Neil C. Rowe

20th Annual Computer Security Applications Conference (ACSAC'04)

Tucson, Arizona

December 06-December 10

ISBN: 0-7695-2252-1

	ASCII Text	x
	Neil C. Rowe, "Designing Good Deceptions in Defense of Information Systems," Computer Security Applications Conference, Annual, pp. 418-427, 20th Annual Computer Security Applications Conference (ACSAC'04), 2004.

	BibTex	x
	@article{ 10.1109/CSAC.2004.16, author = {Neil C. Rowe}, title = {Designing Good Deceptions in Defense of Information Systems}, journal ={Computer Security Applications Conference, Annual}, volume = {0}, year = {2004}, issn = {1063-9527}, pages = {418-427}, doi = {http://doi.ieeecomputersociety.org/10.1109/CSAC.2004.16}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Computer Security Applications Conference, Annual TI - Designing Good Deceptions in Defense of Information Systems SN - 1063-9527 SP418 EP427 A1 - Neil C. Rowe, PY - 2004 KW - null VL - 0 JA - Computer Security Applications Conference, Annual ER -

Neil C. Rowe, Cebrowski Institute, U.S. Naval Postgraduate School, Monterey CA

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/CSAC.2004.16

Since attackers trust computer systems to tell them the truth, it may be effective for those systems to lie or mislead. This could waste the attacker's resources while permitting time to organize a better defense, and would provide a second line of defense when access controls have been breached. We propose here a probabilistic model of attacker beliefs in each of a set of "generic excuses" (including deception) for their inability to accomplish their goals. We show how the model can be updated by evidence presented to the attacker and feedback from the attacker's own behavior. We show some preliminary results with human subjects supporting our theory. We show how this analysis permits choosing appropriate times and methods to deceive the attacker.

Citation:

Neil C. Rowe, "Designing Good Deceptions in Defense of Information Systems," acsac, pp.418-427, 20th Annual Computer Security Applications Conference (ACSAC'04), 2004

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.