engleski

Threat Defense: Cyber Deception Approach and Education for Resilience in Hybrid Threats Model

This paper aims to explore the cyber deception- based approach and to design a novel conceptual model of hybrid threats which includes deception methods. Security programs primarily focused on prevention- based strategies aimed at stopping attackers from getting into the network. These programs attempt to use hardened perimeters and endpoint defenses by recognizing and blocking malicious activities to detect and stop attackers before they can get in. Most organizations implement such a strategy by fortifying their networks with defense-in-depth through layered prevention controls. Detection controls are usually placed to augment prevention at the perimeter, and not as consistently deployed for in- network threat detection. This architecture leaves detection gaps that are difficult to fill with existing security controls not specifically designed for that role. Rather than using prevention alone, a strategy that attackers have consistently succeeded against, defenders are adopting a more balanced strategy that includes detection and response. Most organizations deploy an intrusion detection system (IDS) or next- generation firewall that picks up known attacks or attempts to pattern match for identification. Other detection tools use monitoring, traffic, or behavioral analysis. These reactive defenses are designed to detect once they are attacked yet often fail. They also have some limitations because they are not designed to catch credential harvesting or attacks based on what appears as authorized access. They are also often seen as complex and prone to false positives, adding to analyst alert fatigue. The security industry has focused recent innovation in finding more accurate ways to recognize malicious activity with technologies such as user and entity behavioral analytics (UEBA), big data, artificial intelligence (AI), and deception. Cyber Deception nowadays provides an opportunity to scare, deter, and retaliate against those that violate organizations' systems. We demonstrate this by designing the novel conceptual model of hybrid threats in hybrid warfare as a combination of multiple conventional and unconventional tools of warfare, which allows responding to security threats. Authors investigate the cyber deception approach for threat detection using deception- based methods along with military education for cybersecurity to achieve it and the role it plays in detecting, identifying, and responding to threats.

cyber attack ; cyber deception ; cyber threats ; hybrid threats model ; resilience

A special issue of Symmetry "Blockchain- Enabled Technology for IoT Security, Privacy and Trust" belongs to the section "Computer and Engineering Science and Symmetry". Funding information: Kultúrna a Edukacná Grantová Agentúra MŠVVaŠ SR: 011TUKE4/2020