Detecting Deception in Cyber Conflict: A Strategic Approach

Deception is a strategy that has been widely used in cyber conflict. How to detect deception in a timely manner is always a challenge, especially for a cyber commander who is at the point of making decisions with respect to the actual target to go after, the exact location of the target, the starting and ending time of a cyber operation, the type of cyber operation, the way of launching the cyber operation, and the amount of resources and support needed. It is absolutely important for the cyber commander to know for sure that he/she is not deceived by the adversary so he/she will be able to make right decisions. Varied solutions do exist. However, they are either too narrow or too broad. The solutions represented by signature technology are narrow in scope, so that they are not capable of dealing with the deception that they have not handled before. The solutions represented by behavioral analysis are relatively broad, so that they require extra time to readjust their focuses, incorporate contextual information, and combine heterogeneous data resources in order to get to what is exactly needed. In addition, the use of contexts in analysis is at random and not in a systematic way in most cases. Even when contexts are included in analysis, their relations with the relevant events are not well explored in all these solutions. To address these issues, this paper proposes a new strategic and systematic solution applying the Operational-Level Cybersecurity Strategy Formation Framework. This new solution employs dynamic contexts analysis, baseline analysis, impact analysis, and benefit-cost analysis. A case study is provided to test the effectiveness of this solution in detecting deception in a timely manner. The benefits and limitations of this solution are discussed. The areas for further research are also suggested.