Autonomous Cyber Deception

1. Front Matter

   Pages i-xii

   PDF

2. Cyber Deception Reasoning Frameworks

   1. Front Matter

      Pages 1-1

      PDF

   2. Using Deep Learning to Generate Relational HoneyData

      • Nazmiye Ceren Abay, Cuneyt Gurcan Akcora, Yan Zhou, Murat Kantarcioglu, Bhavani Thuraisingham

      Pages 3-19

   3. Towards Intelligent Cyber Deception Systems

      • Fabio De Gaspari, Sushil Jajodia, Luigi V. Mancini, Giulio Pagnotta

      Pages 21-33

   4. Honeypot Deception Tactics

      • Neil C. Rowe

      Pages 35-45

3. Dynamic Decision-Making for Cyber Deception

   1. Front Matter

      Pages 47-47

      PDF

   2. Modeling and Analysis of Deception Games Based on Hypergame Theory

      • Jin-Hee Cho, Mu Zhu, Munindar Singh

      Pages 49-74

   3. Dynamic Bayesian Games for Adversarial and Defensive Cyber Deception

      • Linan Huang, Quanyan Zhu

      Pages 75-97

4. Network-Based Deception

   1. Front Matter

      Pages 99-99

      PDF

   2. CONCEAL: A Strategy Composition for Resilient Cyber Deception: Framework, Metrics, and Deployment

      • Qi Duan, Ehab Al-Shaer, Mazharul Islam

      Pages 101-124

   3. NetShifter: A Comprehensive Multi-Dimensional Network Obfuscation and Deception Solution

      • Gahng-Seop Ahn, Kyung Joon Kwak, Alexey Bogaevskiy, Jason Li, Gregory Briskin, Robert Vaeth

      Pages 125-146

   4. Deception-Enhanced Threat Sensing for Resilient Intrusion Detection

      • Frederico Araujo, Gbadebo Ayoade, Kevin W. Hamlen, Latifur Khan

      Pages 147-165

   5. HONEYSCOPE: IoT Device Protection with Deceptive Network Views

      • Reham Mohamed, Terrence O’Connor, Markus Miettinen, William Enck, Ahmad-Reza Sadeghi

      Pages 167-181

5. Malware Deception

   1. Front Matter

      Pages 183-183

      PDF

   2. gExtractor: Automated Extraction of Malware Deception Parameters for Autonomous Cyber Deception

      • Mohammed Noraden Alsaleh, Jinpeng Wei, Ehab Al-Shaer, Mohiuddin Ahmed

      Pages 185-207

   3. Malware Deception with Automatic Analysis and Generation of HoneyResource

      • Zhaoyan Xu, Jialong Zhang, Zhiqiang Lin, Guofei Gu

      Pages 209-235

6. Correction to: Autonomous Cyber Deception

   • Ehab Al-Shaer, Jinpeng Wei, Kevin W. Hamlen, Cliff Wang

   Pages C1-C2

This textbook surveys the knowledge base in automated and resilient cyber deception. It features four major parts: cyber deception reasoning frameworks, dynamic decision-making for cyber deception, network-based deception, and malware deception.

 An important distinguishing characteristic of this book is its inclusion of student exercises at the end of each chapter. Exercises include technical problems, short-answer discussion questions, or hands-on lab exercises, organized at a range of difficulties from easy to advanced,.

 This is a useful textbook for a wide range of classes and degree levels within the security arena and other related topics. It’s also suitable for researchers and practitioners with a variety of cyber security backgrounds from novice to experienced.

• cyber deception
• deception metrics
• deep learning
• adversarial cyber deception
• differential privacy
• deception games
• deception parameters
• deception theory
• deceptive web service
• decoy deployment
• dynamic bayesian games
• dynamic planning
• honeypots
• honey resources
• hypergame theory
• intelligent agents
• Internet of Things
• malware analysis
• network obfuscation
• software defined networking

• Department of Software & Information System, University of North Carolina Charlotte, Charlotte, USA

  Ehab Al-Shaer

• Department of Software and Information System, University of North Carolina, Charlotte, USA

  Jinpeng Wei

• Computer Science Department, University of Texas at Dallas, Richardson, USA

  Kevin W. Hamlen

• Computing and Information Science Division, Army Research Office, Durham, USA

  Cliff Wang

Ehab Al-Shaer is a Professor and the Director of the Cyber Defense and Network Assurability (CyberDNA) Center in the School of Computing and Informatics at University of North Carolina Charlotte. His primary research areas are network security, security management, fault diagnosis, and network assurability. Prof. Al-Shaer edited/co-edited more than 10 books and book chapters, and published about 100 refereed journals and conferences papers in his area. Prof. Al-Shaer is the General Chair of ACM Computer and Communication 2009-2010 and NSF Workshop in Assurable and Usable Security Configuration, August 2008. Prof. Al-Shaer also served as a Workshop Chair and Program Co-chair for number of well-established conferences/workshops in his area including POLICY 2008, IM 2007, ANM-INFOCOM 2008, CCS-SafeConfig 09, MMNS 2001, and E2EMON 04-05. He also served as a member in the technical program and organization committees for many IEEE and ACM conferences. He was awarded many Best Paper Awards. Prof. Al-Shaer received his MSc and Ph.D. in Computer Science from the Northeastern University (Boston, MA) and Old Dominion University (Norfolk, VA) in 1998 and 1994 respectively.

 Dr. Jinpeng Wei leads the Systems Security Lab in the Department of Software and Information Systems at UNC Charlotte. His research focuses on theory, methods, and tools that enhance the security of systems software for a wide range of applications. His research topics include systems software vulnerability detection and mitigation, runtime verification of systems software security properties, stealthy malware detection, analysis and defense, secure software architecture, cloud computing security, and security problems in emerging application domains such as Internet of Things. His work has been published in premier venues such as ACSAC, ESORICS, Computers & Security, USENIX FAST, and USENIX ATC. He is the winner of three best paper awards and the AFRL Visiting Faculty Research Program (VFRP) award. His research has been funded by Air Force Research Lab, Department of Homeland Security, Department of Defense, Centre for Strategic Infocomm Technologies (CSIT), Singapore, and Electronics and Telecommunications Research Institute (ETRI). He has been a program committee member for more than 20 conferences (such as SecureComm 2014, IEEE CLOUD 2015, and ICDCS 2011), the Workshop Co-Chair of CollaborateCom 2014, and a reviewer for reputable journals such as ACM Computing Surveys, ACM Transactions on Computer Systems, Elsevier Journal of Computers and Security, and IEEE Transactions on Dependable and Secure Computing. Dr. Wei received a PhD in Computer Science from Georgia Institute of Technology, and prior to his appointment at UNC Charlotte he was a faculty member in the School of Computing and Information Sciences, Florida International University.



Kevin Hamlen is currently an Associate Professor in the Computer Science Department at the University of Texas at Dallas, and a Senior Technical Advisor of UTD's Cyber Security Research and Education Institute. His research focus concerns the field of language-based security, which leverages techniques from programming language theory and compilers to enforce software security. Topics of interest include in-lined reference monitors, type-safe intermediate languages, software abstract interpretation and model-checking, proof-carrying code, and certifying compilers. He also has ongoing projects related to malware defense and cloud computing security. His research is currently supported by grants from the U.S. Air Force Office of Scientific Research (AFOSR), the National Science Foundation (NSF), the Office of Naval Research (ONR), and Raytheon Company. See my CV for additional details. He received his Master's and Ph.D. degrees from Cornell University, where his doctoral research was part of the Language-Based Security For Malicious Mobile Code initiative. 


Cliff Wang from the US Army Research Office, Durham, NC, was named Fellow of the Institute of Electrical and Electronics Engineers (IEEE) in 2016 for leadership in trusted computing and communication systems. His focus in the US Army Research Office is in the Information and Software Assurance division, which addresses the research and development of highly assured, self-healing and survivable software and information systems that address the processing and delivery of authentic, accurate, secure, reliable, and timely information, regardless of threat conditions.

Policies and ethics