Evaluating Deception Theories for Applicability to Cyber Operations

Authors

  • Tim Grant, R-BAR
  • Simon Henderson, Deception By Design

DOI:

https://doi.org/10.34190/eccws.24.1.3574

Keywords:

CND, CNE, CNA, manipulation, surprise, MDO

Abstract

Deception is essential to and inherent in cyber operations of all kinds. In defensive cyber operations, deception is the third line of defence after authentication and access control. Deception can be supported by intrusion detection systems monitoring for suspicious activity. Honeypots are the most obvious technique for misleading intruders, but delaying execution of commands, giving false excuses, and lying about the results may be more effective in some circumstances. Proactive defences also depend on deception. In offensive cyber operations, the attacker may manipulate someone to gain information. He/she may masquerade as an authorised user to access the target system or escalate privileges, install a rootkit to conceal his/her actions, bypass access control by installing a back door, or exfiltrate collected data within normal traffic. There is a wealth of theories of deception, overwhelmingly based on the physical world. Some theories are generic, others are specific to military operations, but few are specific to cyber deception. Some focus on the entities involved, while others focus on the deception process, which itself may be organisational or psychological. Several authors warn that analogies drawn from the physical environment may be counterintuitive in cyberspace. As Miller, Brickey and Conti (2012) memorably express it: “weapons can be reproduced instantly, ‘bullets’ travel at near the speed of light, destroyed targets can be brought back from the dead, and a seventeen year old can command an army”. This warning also applies to deception theory. The purpose of this paper is to evaluate key theories of deception for applicability to cyber operations in a multi-domain environment. There are five chapters. After the Introduction, Chapter 2 summarises relevant theory and doctrine. Chapter 3 summarises seven key theories of deception. Chapter 4 evaluates them, and outlines an ideal theory. Finally, Chapter 5 draws conclusions and recommends further work.

Author Biographies

Tim Grant, R-BAR

Tim Grant is retired but remains an active researcher (Professor emeritus, Netherlands Defence Academy). Tim has a BSc in Aeronautical Engineering (Bristol University), a Masters-level Defence Fellowship (Brunel University), and a PhD in Artificial Intelligence (Maastricht University). Tim's research focuses on offensive cyber operations and Command & Control. More details: https://www.linkedin.com/in/tim-grant-r-bar/.

Simon Henderson, Deception By Design

Simon Henderson is an independent deception consultant with over 30 years’ experience researching and teaching deception. He holds an HND in Computer Science (Portsmouth Polytechnic, 1987) and has worked for MOD, QinetiQ, and the Defence Academy of the UK. He now consults on deception, information operations, and cyberwarfare. See deceptionbydesign.com.

Published

2025-06-25