Towards in-situ Psychological Profiling of Cybercriminals Using Dynamically Generated Deception Environments
Jacob Quibell

TL;DR
This paper introduces a proof-of-concept cyber deception system that dynamically creates and analyzes deception environments during simulated attacks to profile cybercriminals' motives and psychological traits in real time.
Contribution
The paper presents a novel in-situ cyber deception system capable of real-time attacker profiling and motive prediction based on autonomous deception material generation and interaction analysis.
Findings
System can predict attacker motives during simulated attacks.
Deception environment adapts dynamically to attacker behavior.
Potential to infer psychological traits of cybercriminals.
Abstract
Cybercrime is estimated to cost the global economy almost $10 trillion annually, and with businesses and governments reporting an ever-increasing number of successful cyber-attacks, there is a growing demand to rethink the strategy towards cyber security. The traditional, perimeter security approach to cyber defence has so far proved inadequate to combat the growing threat of cybercrime. Cyber deception offers a promising alternative by creating a dynamic defence environment. Deceptive techniques aim to mislead attackers, diverting them from critical assets whilst simultaneously gathering cyber threat intelligence on the threat actor. This article presents a proof-of-concept (POC) cyber deception system that has been developed to capture the profile of an attacker in-situ, during a simulated cyber-attack in real time. By dynamically and autonomously generating deception material based on…
Taxonomy
Topics: Advanced Malware Detection Techniques · Information and Cyber Security · Network Security and Intrusion Detection
