Offensive Deception In Computing

While cyber attacks continue to evolve, deception remains a key feature during exploit generation. Because humans are the weakest link in the cyber security chain, using deception in exploits to mislead end users offers attackers a more probable path to system compromise. In this work, we present a novel analysis of deceptive component(s) in commonly observed offensive attacks. Specifically, we examine four attacks, including phishing and scamming, watering hole, clickbait and repackaging attacks. We present a model of the components of each of these attacks in which we highlight how deception is successfully used. We also identify recipient biases these deceptive components rely on to be successful and provide a basis for these biases using a corpus of phishing emails. Additionally, we suggest the prior success of exploits that employ deception translates to its' ability to improve computer defenses. We discuss frameworks that apply deceptive techniques to systems that defend against the four exploits we analyze as well as other offensive attacks and provide advantages and disadvantages for these approaches. We also discuss how these frameworks could be applied to cyber defense to enhance system security and expose information about attackers. We compare deceptive cyber defenses to more traditional defensive systems. We identify some recent work in deceptive defenses, our contributions in this work and directions for future research.