Towards Causal Models for Adversary Distractions
Ron Alford (1), Andy Applebaum (1) ((1) The MITRE Corporation)
TL;DR
This paper explores how decoy generation and placement strategies can be used to slow down automated cyber adversaries, emphasizing the importance of evaluating these strategies against fast-moving, automated threats.
Contribution
It introduces the idea of using causal models to analyze and improve decoy strategies specifically for automated adversaries in cybersecurity.
Findings
Decoy strategies can slow automated adversary decision-making.
Effectiveness depends on the types of objects used in decoys.
Explicit evaluation of decoy placement is necessary for fast adversaries.
Abstract
Automated adversary emulation is becoming an indispensable tool of network security operators in testing and evaluating their cyber defenses. At the same time, it has exposed how quickly adversaries can propagate through the network. While research has greatly progressed on quality decoy generation to fool human adversaries, we may need different strategies to slow computer agents. In this paper, we show that decoy generation can slow an automated agent's decision process, but that the degree to which it is inhibited is greatly dependent on the types of objects used. This points to the need to explicitly evaluate decoy generation and placement strategies against fast moving, automated adversaries.
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
TopicsAdvanced Malware Detection Techniques · Digital and Cyber Forensics · Adversarial Robustness in Machine Learning