[AISWorld] CFP -- HICSS 53 -- Defensive Cyber Deception Minitrack

[Matt Levy]

Minitrack: Cyber Deception for Defense
Track: Digital Government

Creating a system that is always protected and secure in all situations
against all attackers is a far-reaching and likely impossible goal. It is
important for researchers to continue to move systems closer towards
absolute security, but it is also essential to create techniques so a
system can adaptively defend against an attacker who circumvents the
current security. Deception for cyber defense starts to get towards that
goal—to rebalance the asymmetric nature of computer defense by increasing
attacker workload while decreasing that of the defender.
Cyber deception is one defensive technique that considers the human
component of a cyber attack. Deception holds promise as a successful tactic
for making an attacker’s job harder because it does more than just block
access: it can also cause the attacker to waste both time and effort.
Moreover, deception can be used by a defender to impart an incorrect belief
in the attacker, the effects of which can go beyond any static defense.
Understanding the human cognition and behavior of both the cyber defender
and cyber attacker is a critical component of cybersecurity.

In the cyber world, an attacker only knows what is perceived through
observation of the target network. The intruder is often thousands of miles
away from the network to which he or she is attempting to gain entry.
Networks often unintentionally provide more information to an attacker than
defenders would like. However, the network owner also has the opportunity
to reveal information he or she desires the attacker to know—including
deceptive information. Because network information is often complex and
incomplete, it provides a natural environment in which to embed deception
since, in chaos, there is opportunity. Deception can alter the mindset,
confidence, and decision-making process of an attacker, which can have more
significant effects than traditional defenses. Furthermore, using deception
for defensive purposes gives the defender at least partial control of what
an attacker knows, which can provide opportunities for strategic
interaction with an attacker.

These research efforts require an interdisciplinary approach and track is
soliciting papers across multiple disciplines. It is essential to
understand attacker and defender cognition and behavior to effectively and
strategically induce cognitive biases and increase cognitive load, making
our systems difficult to attack.

Topics of interest include (but are not limited to):

-- The science of Deception (e.g., evaluation techniques, deception
frameworks applied to cyber);
-- The practice of Cyber Deception (e.g., case studies, deception
technology, deception detection);
-- Understanding/influencing the cyber adversary (e.g., adversary
emulation, measures of effectiveness);
-- Psychological and social-cultural adversarial mental models that can be
used to estimate and predict adversarial mental states and decision
processes;
-- Cognitive Modeling of cyber tasks;
-- Adversary observation/learning schemes through both active multi-level
“honey bait” systems and passive watching, in conjunction with active
learning and reasoning to deal with partial information and uncertainties;
-- Oppositional Human Factors to induce cognitive biases and increase
cognitive load for cyber attackers;
-- Metrics for quantifying deception effectiveness in driving adversary
mental state and in determining optimized deception information composition
and projection;
-- Experimental Design, approaches, and results;
-- Theoretical formulation for a one-shot or multiple rounds of
attacker/defender interaction models;
-- Identification of social/cultural factors in mental state estimation and
decision manipulation process;
-- Cyber maneuver and adaptive defenses;
-- Protecting our autonomous systems from being deceived;
-- Policy hurdles, solutions, and case studies in the adoption of cyber
deception technologies.

Important Deadlines:
April 15: Paper submission begins.
June 15 | 11:59 pm HST: Paper submission deadline
August 17 | 11:59 pm HST: Notification of Acceptance/Rejection
September 4 | 11:59 pm HST: Deadline for authors to submit the revised
version of papers accepted with mandatory changes (A-M)
September 11: Notification of Acceptance/Rejection for A-M papers
September 22: Deadline for authors to submit final manuscript for
publication
October 1: Deadline for at least one author of each paper to register for
the conference

Minitrack Chairs:
Kimberly Ferguson-Walter
Department of Defense
Kimberly.ferguson-wa at navy.mil

Sunny Fugate
Naval Information Warfare Center Pacific
fugate at spawar.navy.mil

Cliff Wang
Army Research Office
xiaogang.x.wang.civ at mail.mil