
Research Article
Assessing the Effectiveness of Deception-Based Cyber Defense with CyberBattleSim
@INPROCEEDINGS{10.1007/978-3-031-56583-0_15,
  author={Quan Hong and Jiaqi Li and Xizhong Guo and Pan Xie and Lidong Zhai},
  title={Assessing the Effectiveness of Deception-Based Cyber Defense with CyberBattleSim},
  proceedings={Digital Forensics and Cyber Crime. 14th EAI International Conference, ICDF2C 2023, New York City, NY, USA, November 30, 2023, Proceedings, Part II},
  proceedings_a={ICDF2C PART 2},
  year={2024},
  month={4},
  keywords={CyberBattleSim Deception-Based Defense Cybersecurity Defense Effect Evaluation Simulation},
  doi={10.1007/978-3-031-56583-0_15}
}
- Quan Hong
- Jiaqi Li
- Xizhong Guo
- Pan Xie
- Lidong Zhai
Year: 2024
ICDF2C PART 2
Springer
DOI: 10.1007/978-3-031-56583-0_15
Abstract
Deception-Based Cyber Defense technology involves deploying various elements within a network to deliberately mislead and deceive potential attackers, enabling the early detection and warning of cyber-attacks in their nascent stages. However, there is a lack of systematic research on the defensive effectiveness of various deception technologies, their applicability in different scenarios, and their potential synergies with other defense mechanisms. To address this research gap, this study incorporates negative rewards within the CyberBattleSim platform to simulate the consequences imposed on adversaries when encountering deception techniques. We then assess the efficacy of diverse cyber deception strategies through the cumulative reward trend of attackers. Furthermore, we simulate the combined deployment of different deception technologies and the deployment of deception technology in distinct network scenarios, to evaluate the synergistic impact of deception technologies when coupled with other defensive measures and to explore the suitable application scenarios of deception technology. The outcomes of multiple experiments conducted on the CyberBattleSim platform demonstrate that deception technology can impact attackers by delaying or preventing penetration, and that the combination of distinct deception techniques can yield varying enhancements in defense effectiveness. Additionally, the combination of Shock Trap and honeypot technology can maximize the defense effect.