A case study about the use and evaluation of cyber deceptive methods against highly targeted attacks

Traditional defences such as intrusion detection systems, firewalls and antivirus software are not enough to prevent security breaches caused by highly targeted cyber threats. As many of these attacks go undetected, this paper shows the results of a case study which consists of implementation of a methodology that selects, maps, deploys, tests and monitors the deceptions for the purpose of early detection. Metrics are developed to validate the effectiveness of the deception implementation. Firstly, various deception mechanisms are mapped to the first three phases of the intrusion kill chain: reconnaissance, weaponization and delivery. Then, Red Teams were recruited to test the deceptions for two case scenarios. Applying metrics, it is shown that the deceptions in the case studies are effective in the detection of cyber threats before the target asset was exploited and successful in creating attacker confusion and uncertainty about the organization's network topology, services and resources.