Towards Causal Models for Adversary Distractions
This addresses the need for better defenses against fast-moving automated adversaries in cybersecurity, but it is incremental as it builds on existing decoy research.
The paper tackled the problem of slowing automated adversaries in network security by evaluating decoy generation strategies, finding that the effectiveness depends on the types of objects used.
Automated adversary emulation is becoming an indispensable tool of network security operators in testing and evaluating their cyber defenses. At the same time, it has exposed how quickly adversaries can propagate through the network. While research has greatly progressed on quality decoy generation to fool human adversaries, we may need different strategies to slow computer agents. In this paper, we show that decoy generation can slow an automated agent's decision process, but that the degree to which it is inhibited is greatly dependent on the types of objects used. This points to the need to explicitly evaluate decoy generation and placement strategies against fast moving, automated adversaries.