Apate: defending legacy and modern networks with cyber-deception
Name of applicant
Emmanouil Vasilomanolakis
Title
Associate Professor
Institution
Technical University of Denmark
Amount
DKK 5,000,000
Year
2023
Type of grant
Semper Ardens: Accelerate
What?
Traditional cyber-security has been protecting networks mainly by building sophisticated "walls". However, experience shows that advanced attacks can still go through, especially when conducted against old, but critical, systems (e.g. an old power plant). Cyber-deception has emerged as a field of cyber-security that aims at deceiving attackers by trapping them in never-ending pursues.
Why?
The idea of tricking attackers through deception shows great potential not only because of technical reasons such as creating early warning systems and reducing the attack surface. Recent findings from the field of cyber-psychology suggest that a.) human attackers have bias in their attack decisions and b.) knowledge that deception exists can alter their strategy. This can be used against them.
How?
With Apate, the goddess of deception in ancient Greece, we propose the novel concept of gentle deception to protect old legacy systems. These deception traps are of low communication overhead and do not overwhelm the system they are protecting. Moreover, Apate utilizes theories from cyber-psychology by creating deception that takes into account human cognition aspects of attackers.