ly, we present a notional view of how we believe that
cyber deception can improve defender advantage.
Figures 5–8 describe the effects of various strategies:
improving traditional defense mechanisms (figure 5),
incorporating resilience (figure 6), employing defensive cyber deception (figure 7), and finally using
counterdeception to thwart attacker deceptions (
figure 8). The mechanisms in figures 5 and 6 are already
common tools used by defenders, but they get us
only part of the way to shifting the advantage to
defenders. In our perspective, cyber deception and
counterdeception are key elements of a successful
cyber defense strategy and necessary for any well-reasoned approach to the defense of networks and networked systems. To force attackers to suffer the same
disadvantage as defenders do, we must employ many
of the same basic techniques. Just as the attacker’s
goals, their techniques, or their very existence is
often unknown to a defender, we must make our critical information systems equally opaque.
Axelrod, R., and Hamilton, W. D. 1981. The Evolution of
Cooperation. Science 211(4489): 1390–96. doi.org/10.1126/
Bilinski, M.; Gabrys, R.; and Mauger, J. 2018. Optimal Placement of Honeypots for Network Defense. Paper presented at
the Conference on Decision and Game Theory for Security.
Seattle, WA, October 29–31.
Ferguson-Walter, K. J.; Fugate, S.; Mauger, J.; and Major, M.
2018. Game Theory for Adaptive Defensive Cyber Deception.
Technical Report 3141. San Diego, CA: US Navy SPAWAR
Systems Center Pacific.
Ferguson-Walter, K. J.; LaFon, D. S.; and Shade, T. B. 2017.
Friend or Faux: Deception for Cyber Defense. Journal of
Information Warfare 16( 2): 28–42.
Fugate, S. 2012. Methods for Speculatively Bootstrapping
Better Intrusion Detection System Performance. PhD dissertation, Department of Computer Science, University of New
Mexico, Albuquerque, NM.
Gutzwiller, R.; Ferguson-Walter, K.; Fugate, S.; and Rogers, A.
2018. “Oh, Look, a Butterfly!” A Framework for Distracting
Attackers to Improve Cyber Defense. Proceedings of the
Human Factors and Ergonomics Society Annual Meeting 62( 1):
Heckman, K. E.; Stech, F. J.; Thomas, R. K.; Schmoker, B.;
and Tsow, A. W. 2015. Cyber Denial, Deception and Counter
Deception: A Framework for Supporting Active Cyber Defense.
Advances in Information Security 64. Cham: Springer. doi.
Kovach, N. S.; Gibson, A. S.; and Lamont, G. B. 2015. Hypergame Theory: A Model for Conflict, Misperception, and
Deception. Game Theory 2015( 2): 1–20. doi.org/10.1155/
Nash, J. F. 1951. Non-Cooperative Games. In Annals of
Mathematics 54: 286–95.
Poundstone, W. 1992. Prisoner’s Dilemma. New York: Doubleday.
Rowe, N. C., and Rrushi, J. 2016. Introduction to Cyberdecep-tion. Berlin: Springer. doi.org/10.1007/978-3-319-41187-3.
Roy, S.; Ellis, C.; Shiva, S.; Dasgupta, D.; Shandilya, V.; and
Wu, Q. 2010. A Survey of Game Theory as Applied to Network Security. In 43rd Hawaii International Conference on System Sciences, 1–10. IEEE. doi.org/10.1109/HICSS.2010.35.
Spaan, M. T. J. 2012. Partially Observable Markov Decision
Processes. In Reinforcement Learning, edited by M. Wiering
and M. van Otterlo, 387–414. Adaptation, Learning, and
Optimization 12. Berlin: Springer. doi.org/10.1007/978-3-
Sutton, R. S., and Barto, A. G. 1998. Reinforcement Learning:
An Introduction. Cambridge, MA: The MIT Press.
von Neumann, J. 1928. Zur Theorie der Gexellschaftsspiele.
In Annals of Mathematics 100: 195–320. doi.org/10.1007/
von Stackelberg, H.; Bazin, D.; Urch, L.; and Hill, R. 2011.
Market Structure and Equilibrium. Berlin: Springer.
Whaley, B. 1969. Stratagem: Deception and Surprise in War.
Cambridge, MA: Artech House.
Sunny Fugate is a senior research scientist for the US Navy’s
SPAWAR System Center, Pacific and the center’s senior scientific technical manager (SSTM) for cyber warfare. During
the last 16 years, Fugate has run numerous research programs to explore the intersections of cyber defense, cognitive science, game theory, and artificial intelligence. Fugate
earned a BS in electrical engineering from the University of
Nevada in 2002 and a PhD in computer science at the University of New Mexico in 2012. Fugate’s current efforts are
focused on improving the human factors of cyber defense
and exploring opportunities to improve cyber defense using
defensive deception and game theory.
Kimberly Ferguson-Walter is a senior research scientist
with the US National Security Agency’s Information Assurance Research Group. She earned a BS in information and
computer science from the University of California, Irvine,
and an MS in computer science from the University of Massachusetts, Amherst, both specializing in artificial intelligence. She is currently a PhD candidate at the University of
Massachusetts, Amherst, with a focus on adaptive cybersecurity. Her research interests are focused on the intersection
of computer science and human behavior. She has been
focused on adaptive cybersecurity at the agency for the past
eight years and is the lead for the Research Directorate’s
deception for cyber defense effort. She is currently on joint-duty assignment to SPAWAR Systems Center, Pacific to perform collaborative research and facilitate strategic alignment and technology transfers.