An experimental comparison of real and artificial deception using a deception generation model (original) (raw)
Related papers
Psychological Vulnerabilities to Deception, for Use in Computer Security
2007
Vulnerability to deception is part of human nature, owing to fundamental limitations of the human mind. This vulnerability is exploited by con artists and scammers, but also by the military, intelligence, and law enforcement communities for the purposes of operational security, intelligence collection on adversaries, and undercover operations against organized crime. More recently, deception is being applied to computer security, for example, through the use of honeypots. This paper describes psychological vulnerabilities to deception and how they can be exploited to outwit computer hackers. The paper draws upon research in psychology and fraud, and the military and intelligence deception-literature.
Research on Deception in Defense of Information Systems
Our research group has been broadly studying the use of deliberate deception by software to foil attacks on information systems. This can provide a second line of defense when access controls have been breached or against insider attacks. The thousands of new attacks being discovered every year that subvert access controls say that such a second line of defense is desperately needed. We have developed a number of demonstration systems, including a fake directory system intended to waste the time of spies, a Web information resource that delays suspicious requests, a modified file-download utility that pretends to succumb to a buffer overflow, and a tool for systematically modifying an operating system to insert deceptive responses. We are also developing an associated theory of deception that can be used to analyze and create offensive and defensive deceptions, with especial attention to reasoning about time using temporal logic. We conclude with some discussion of the legal implications of deception by computers.
The general theory of deception: A disruptive theory of lie production, prevention, and detection
Psychological Review, 2022
The General Theory of Deception (GTD) aims to unify and complete the various sparse theoretical units that have been proposed in the deception literature to date, in a comprehensive framework fully describing from end to end how and when deceptive messages are produced, and how this can inform more effective prevention and detection. As part of the elaboration of the theory, the different ways people elaborate deceptive messages were first tracked by the author daily, over 3 years, resulting in the identification, description, and naming of 98 "Elementary Deception Modes" (86 verbal, 12 nonverbal) that can all be combined during one deceptive episode, thus leading to a total estimate of 10 29 different ways to lie. Central to the GTD is the "Five Forces Model", explaining precisely at which times deceptive messages occur and what factors compete to determine the types of messages that are most likely to be produced (truthful, refusal to answer, or deceptive-and with which deception modes). Finally, the process by which deceptive messages come to mind and are compared, both against each other and against the option of disclosing the truth, given memory's capacity and time limits, has been described in the form of a dynamic, continuous, and testable algorithm called the "Deception Decision Algorithm" (DDA). The practical insights derived from this new disruptive theory of lie production are discussed and a theory-based lie prevention and detection enhancement method is introduced. Finally, three series of experiments were carried out to test certain predictions of the theory, in particular the impact of the manipulation of factors within the Five Forces Model on the prevention and enhancement of deception detection, experimentally confirming the main predictions for practical applications of the GTD theory. The General Theory of Deception Camille Srour 12 Résumé La Théorie Générale du Mensonge (General Theory of Deception, GTD) vise à unifier et à compléter les unités théoriques éparses qui ont été proposées dans la littérature sur le mensonge à ce jour. A travers une théorie complète décrivant de bout en bout quand et comment les messages trompeurs sont produits, celle-ci fournit des clés pour une prévention et une détection du mensonge plus efficaces. Dans le cadre de l'élaboration de la théorie, les différentes manières dont tout un chacun élabore des messages trompeurs ont d'abord été suivies quotidiennement, sur une période de 3 ans, ce qui a permis d'identifier, de décrire et de nommer 98 « modes de mensonge élémentaires » (86 verbaux, 12 non verbaux), pouvant tous être combinés au cours d'un épisode mensonger, et conduisant ainsi à une estimation totale de 10 29 façons différentes de mentir. Elément central de la théorie GTD, le « Modèle des Cinq Forces » (Five Forces Model) explique précisément quand et comment les messages trompeurs sont générés et quels facteurs entrent en concurrence pour déterminer les types de messages les plus susceptibles d'être produits (véridique, refus de répondre ou mensonger-et avec quels modes de mensonge). Enfin, le processus par lequel les messages trompeurs viennent à l'esprit et sont comparés, à la fois entre eux et par rapport à l'option de révéler la vérité, compte tenu des limites temporelle et de capacité de la mémoire, a été décrit sous la forme d'un algorithme dynamique, continu et testable appelé « Algorithme de Décision de Mensonge » (Deception Decision Algorithm, DDA). Les applications pratiques et les prédictions découlant de cette nouvelle théorie disruptive de la production de mensonges sont discutées, et une méthode d'amélioration de la prévention et de la détection des mensonges fondée sur cette théorie est présentée. Enfin, trois séries d'expérimentations ont été conduites pour tester certaines prédictions de la théorie, notamment The General Theory of Deception Camille Srour 13 l'impact de la manipulation de facteurs du Modèle des Cinq Forces sur la prévention et l'amélioration de la détection du mensonge, confirmant expérimentalement les grandes prédictions à visée pratique de la théorie GTD.
Using Deception for Assuring Security
For each layer of information security there are a number of techniques and tools that can be used to ensure information superiority. Indeed some experts would argue that you can not have the former without the later. In today's technological & interconnected world though, information superiority is very hard to achieve and almost impossible to maintain. This paper will argue that the art of deception is a reliable and effective technique that can ensure and maintain the security of an infrastructure. The paper will conclude by presenting a technical solution of the above statement.
Examining the Efficacy of Decoy-based and Psychological Cyber Deception
2021
The threat of cyber attacks is a growing concern across the world, leading to an increasing need for sophisticated cyber defense techniques. Attackers often rely on direct observation of cyber environments. This reliance provides opportunities for defenders to affect attacker perception and behavior by plying the powerful tools of defensive cyber deception. In this paper we analyze data from a controlled experiment designed to understand how defensive deception, both cyber and psychological, affects attackers [16]. Over 130 professional red teamers participated in a network penetration test in which both the presence and explicit mention of deceptive defensive techniques were controlled. While a detailed description of the experimental design and execution along with preliminary results related to red teamer characteristics has been published, it did not address any of the main hypotheses. Granted access to the cyber and self-report data collected from the experiment, this publicati...
2012
This thesis explores the history of U.S. Army deception and doctrine, and combines the insights gained with the various works on deception, cognitive psychology, communications, and decision-making in order to distill a concise handbook for deception practitioners. A longitudinal review of U.S. Army doctrine reveals a wide variation in the treatment of deception, from emphasized to ignored. This variation can be primarily explained by the U.S. preference for the cumulative destruction style of war and the perceived balance of power between the U.S. and its adversaries. This thesis strives to fill the current doctrinal gap by distilling the existing body of work to create a theory of deception in the military context. The theory presented provides a cogent structure, taxonomy, and lexicon; as well as, emphasis on how deception functions within the frameworks of communications and decision-making. Next, a synthesis of the practice of deception is presented, with a focus on deception planning and the essential elements of deception practice. Examples of U.S. use of deception from the Revolutionary War to Operation DESERT STORM are presented to provide illumination on the utility and use of deception. Finally, the thesis provides recommendations on how to organize for deception operations.
American Economic Journal: Microeconomics, 2010
This paper proposes an equilibrium approach to belief manipulation and deception in which agents only have coarse knowledge of their opponent's strategy. Equilibrium requires the coarse knowledge available to agents to be correct, and the inferences and optimizations to be made on the basis of the simplest theories compatible with the available knowledge. The approach can be viewed as formalizing
Toward computer-aided support for the detection of deception
2004
An assumption undergirding decision making and negotiation regarding human interaction, that people's communication is determined to be truthful, has increasingly come under assault by daily reports of duplicity, scams, exaggerated claims, chicanery, fraud, exposed secrets, false identities, and sundry other forms of deception. Misrepresentations of facts, concealment of discrediting information, fraudulent reports, equivocal or strategically ambiguous messages, verbalisms meant to baffle, irrelevant comments intended to derail lines of inquiry-these and more are means by which deceit can infiltrate and sabotage interpersonal interactions, group decisions and negotiations. It is this timely issue that is the topic of the current issue, which is the fourth in a series examining deception in interpersonal and group interactions in face-to-face and online environments. Also part of this focus on deception are computer-aided tools for detecting deceit that may be of utility to group decisions and negotiations, whether used by researchers, analysts, or the participants themselves. The three preceding special issues on this topic included 14 articles from a wide array of authors representing such disciplines as information systems, communication, psychology, linguistics and computer science. The papers addressed topics ranging from theoretical models of deception and its detection, to behavioral indicators of deception and computer-aided tools for their detection, to the impact of such moderators on detection success as communication modality, group size, web experience, and motivation. Virtually all of the articles published so far either advanced a theory or were guided by a theoretical stance. In the first issue, Carlson, George, Burgoon, Adkins and White led with "Deception in Computer-Mediated Communication." Their theoretical synthesis merged interpersonal deception theory with channel expansion theory and