In an interconnected digital world being enriched by smart devices, any passive solution for protecting infrastructure is doomed to fail. No matter how many defenses are implemented, attackers can infiltrate networked systems by exploiting technological or human vulnerabilities. In a scenario where the attackers have all the advantages, deception is a strategy that can slow down and divert attackers from penetrating the real infrastructure. Current platforms do create decoy environments to detect and divert threats, but attackers have developed methods to bypass these static deception systems. We propose a novel approach that is based on strategic dynamic deception where the system deceptor continuously analyzes the architecture and the traffic, and deploys credible decoy components. It leverages a combination of technologies such as virtualization, infrastructure as code, and generative AI to implement different types of decoys, such as similar system components, users, data, and network segments. The generation of small decoys should resemble the slow growth of a credible 'ivy,' so that it can attract even attackers who are already circulating in the system. When cyber threats are trapped in the fake portions of the infrastructure, many countermeasures can be activated, although these are outside the scope of this paper. Here we focus on strategies and technologies that can generate and deploy dynamic deception infrastructures. Our solution paves the way toward new approaches to cybersecurity that are based on proactive strategic deception.

Russo, S., Zanasi, C., Colajanni, M. (2025). Cyber Defense Through Strategic Dynamic Deception. NATO CCD COE Publications [10.23919/cycon65856.2025.11103713].

Cyber Defense Through Strategic Dynamic Deception

Russo, Silvio; Zanasi, Claudio; Colajanni, Michele
2025

International Conference on Cyber Conflict, CYCON, pp. 227-244
Use this identifier to cite or link to this document: https://hdl.handle.net/11585/1034277