Looking from the hacker's perspective: Role of deceptive strategies in cyber security

Abstract

Cyber-attacks are increasing in the real-world and they cause widespread damage to cyber-infrastructure and loss of information. Deception, i.e., the act of making someone believe something that is not true, could be a way of countering cyber-attacks. In this paper, we propose a deception game, which we used to evaluate the decision-making of a hacker in the presence of deception. In an experiment, using the deception game, we analyzed the effect of two between-subjects factors (N = 100 participants): Amount of deception (high and low) and the timing of deception (early and late). Results revealed that use of early deception made hackers trust the system's response and get deceived. However, the amount of deception did not influence hacker's trust on the system's response. In addition, use of a deceptive strategy, i.e., when hackers moved from deception rounds to non-deception rounds, caused hackers to get deceived and not attack the system.