TL;DR
Honeyquest is an open-source tool for rapid, code-based evaluation of how enticing cyber deception techniques are. It facilitates research without extensive system implementation and demonstrates that deception can significantly reduce security risks.
Contribution
The paper introduces Honeyquest, a high-level specification tool for quickly assessing cyber deception techniques' effectiveness without deploying them on real systems.
Findings
Cyber deception can reduce adversaries' success rate by about 22%.
Honeyquest accurately replicates previous research findings.
The tool enables rapid evaluation of 25 deception techniques.
Abstract
Fooling adversaries with traps such as honeytokens can slow down cyber attacks and create strong indicators of compromise. Unfortunately, cyber deception techniques are often poorly specified. Also, realistically measuring their effectiveness requires a well-exposed software system together with a production-ready implementation of these techniques. This makes rapid prototyping challenging. Our work translates 13 previously researched and 12 self-defined techniques into a high-level, machine-readable specification. Our open-source tool, Honeyquest, allows researchers to quickly evaluate the enticingness of deception techniques without implementing them. We test the enticingness of 25 cyber deception techniques and 19 true security risks in an experiment with 47 humans. We successfully replicate the goals of previous work with many consistent findings, but without a time-consuming…
