Unlikely Bedfellows? Visualizing Integration of Whaley’s Expanded Deception Framework and Soviet Reflexive Control Models to Collect Unique Attacker Behaviors

Abstract

This industry cyber deception practitioners’ short working paper visualizes the integration of an expanded Bell-Whaley deception framework and Soviet reflexive control modelling to design cyber deception approaches that can collect unique attacker behaviours. While we recognize the application of a deception framework and a cognitive model is unorthodox for collecting cyber threat information, integrating these approaches prompts alternative designs that both disrupt and influence attackers, which can yield rich behaviours as cyber threat information. We will feature unpublished Whaley notes on deception in this expanded Bell-Whaley framework. This practitioners’ short working paper will also introduce the application in cyber threat contexts of reflexive control methods for influencing decision-making and categories of “reflexive interactions”. We will visualize this integrated approach by modelling initial access by a cybercriminal along a network perimeter, who then starts to pivot within a small non-profit organization’s network, demonstrating how a small organization with limited resources can use reflexive control and deception to mimic and dazzle network packet flow to misdirect the attacker to a high-interaction honeypot. This visualized cyber deception design reflects what the attacker observes and likely processes. We will theorize in this visualization how an attacker might respond to this reflexive control and what cyber threat information it could collect.