Sage Journals: Discover world-class research

Abstract

As cyberattacks grow more sophisticated, it is critical to know about human engagement with network defenses. Honeypots—decoy systems that are intended to deceive attackers—have been promising, but we know little about how their performance varies with network design. With HackIT, a cybersecurity simulation tool, this paper examines attacker behavior on various network topologies (ring vs. star) and honeypot densities (50% vs. 75%). We conducted a human-subject experiment with 88 computer science students who were instructed to exploit mock networks without honeypot placement information. Outcomes showed that increased honeypot density maximized decoy interaction but also led to more real-system attacks in networks with a centralized (star) topology. Decentralized (ring) networks, however, were more robust with fewer honeypots. These findings suggest that attacker behavior reacts to perceived vulnerability and structural cues, affirming the imperative of including behavioral knowledge in cyber defense.

Keywords

cybersecurity honeypots network topology human behavior cyber deception attacker cognition

Get full access to this article

View all access options for this article.

References

Aggarwal

Gonzalez

Dutt

(2020). HackIT: A real-time simulation tool for studying real-world cyberattacks in the laboratory. In Handbook of Computer Networks and Cyber Security (pp. 949–959). Springer. https://doi.org/10.1007/978-3-030-22277-2_39

Almeshekah

Spafford

E. H.

(2016). Planning and integrating deception into computer security defenses. Computers & Security, 48, 168–180. https://doi.org/10.1016/j.cose.2014.09.007

Denning

D. E.

(1999). Information warfare and security. Addison-Wesley.

Endsley

M. R.

(1995). Toward a theory of situation awareness in dynamic systems. Human Factors, 37(1), 32–64. https://doi.org/10.1518/001872095779049543

Heckman

K. E.

Walsh

M. J.

Stech

F. J.

O’Boyle

T. A.

DiCato

S. R.

Herber

A. F.

(2013). Active cyber defense with denial and deception: A cyber-wargame experiment. Computers & Security, 37, 72–77. https://doi.org/10.1016/j.cose.2013.06.004

Jajodia

Liu

Swarup

Wang

(2016). Cyber deception: Building the scientific foundation. Springer. https://doi.org/10.1007/978-3-319-29920-4

Katakwar

Uttrani

Aggarwal

Dutt

(2022). Influence of different honeypot proportions on adversarial decisions in a deception game. Proceedings of the Human Factors and Ergonomics Society Annual Meeting, 66(1), 120–124.

Kott

(2014). “Towards fundamental science of cyber security.” In Pino

(Ed.), Network science and cybersecurity (Vol. 55, pp. 1–13). Springer. https://doi.org/10.1007/978-1-4614-7597-2_1

Moore

McQueen

Kelly

(2010). He economics of cybersecurity: Principles and policy options. International Journal of Critical Infrastructure Protection, 3(3–4), 103–117.

10.

Norman

D. A.

(1983). Some observations on mental models. In Gentner

Stevens

A. L.

(Eds.), Mental models (pp. 7–14). Lawrence Erlbaum.

11.

Parasuraman

Sheridan

T. B.

Wickens

C. D.

(2000). A model for types and levels of human interaction with automation. IEEE Transactions on Systems, Man, and Cybernetics—Part A: Systems and Humans, 30(3), 286–297. https://doi.org/10.1109/3468.844354

12.

Pawlick

Colbert

Zhu

(2019). A game-theoretic taxonomy and survey of defensive deception for cybersecurity and privacy. ACM Computing Surveys, 52(4), 1–30. https://doi.org/10.1145/3337772

13.

Rowe

N. C.

(2003). Counterplanning deceptions to foil cyber-attack plans. In Proceedings of the IEEE Systems, Man and Cybernetics Society Information Assurance Workshop (pp. 203–210). IEEE. https://doi.org/10.1109/IAW.2003.1241046

14.

Rowe

N. C.

Custy

E. J.

(2008). Deception in cyber-attacks. In Cyber warfare and cyber terrorism (pp. 235–240). IGI Global. https://doi.org/10.4018/9781591409915.ch012

15.

Simon

H. A.

(1990). Invariants of human behavior. Annual Review of Psychology, 41, 1–20. https://doi.org/10.1146/annurev.ps.41.020190.000245

16.

Spitzner

(2003). The honeynet project: Trapping the hackers. IEEE Security & Privacy, 1(2), 15–23. https://doi.org/10.1109/MSECP.2003.1193207

Exposing Cyberthreats: How Attack Patterns Are Shaped by Network Topologies and Honeypot Techniques

Abstract

Keywords

Get full access to this article

References