ACI Technical Reports

Cognitive Engagement in Active CyberDefense

Robert Thomson

Abstract

Cybersecurity is traditionally seen as an asymmetrical relationship between adversaries and defenders; however, recent research has attempted to reverse this trend by operationalizing cognitive engagement for the purpose of enhancing adversary attribution. In a traditional networked environment, adversaries have low risk (low chance of getting caught) and potentially high reward (getting high-level access to privileged information), while defenders have a large attack surface to cover (all internal and external network access) and limited resources (computing and manpower) with which to defend it. Using deceptive techniques within networks allows defenders to better attribute attack behavior, which in turn allows for increased data gathering and more targeted interventions. We discuss attribution techniques including the use of game theory and deception to maximize adversary interaction in a safer networked environment.