Cyberdeception represents an important issue of cybersecurity and a growing concern that affects more and more activity sectors in the present digital age. Cyberdeception aims to transmit false or counterfeit information on the Internet. On the negative side, criminals deliberately mislead the representatives of some organization, disguising themselves as reliable suppliers, customers, employees, and so on. There is also a positive side, when cyberdeception allows defense by fraud, such as an action against an opponent to create uncertainty and confusion, or to change the perception of reality through delays and misinformation.
The purpose of this book is both to provide a systematic overview of cyberdeception and also to provide a study guide for all readers. To be prepared for the content of this book, readers should have some basic background within the area of cybersecurity and computer programming. Introduction to cyberdeception is useful for students, researchers, and everyone else interested in gaining some understanding of the basics of information security.
The book contains 16 chapters, each of which is well structured and has a large number of exercises and a wide reference list. Five very useful appendices complete the book.
The first chapter introduces the basic concepts, the goals, and the terminology related to cyberdeception. Chapter 2, “Psychology of Deception,” and chapter 3, “Professional Deception,” set the general context for the deception-related thinking of military deceptions and marketing deceptions, starting with the role of deception in the psychological field.
In chapter 4, “Deception Methods for Defense,” and chapter 5, “Deception Methods for Offense,” more concepts of deception methods for defense and offense are clearly and concisely described, based on deception taxonomies.
Interesting details on the more useful deception techniques are given in the following five chapters: “Delays” (chapter 6), “Fakes ” (chapter 7), “Defensive Camouflage” (chapter 8), “False Excuses ” (chapter 9), and “Defensive Social Engineering” (chapter 10).
Measuring deception is a great challenge. The methods presented in chapter 11, “Measuring Deception,” offer some ways to do this, both for cyberattackers and cyberdefenders.
Chapter 12, “Planning Cyberspace Deception,” provides insights into the process of cyberdeception formulation and its outcomes. This chapter focuses on how a cost-benefit analysis of deception can be used as a method of cyberdeception planning. It offers an overview of the scientific understanding of the analysis of propagation of deceptions and describes quantifying tactics from the deception taxonomies. Finally, it describes how planning against attacks with deception is performed and how information theory can be used for computing the information content of the deception.
Chapter 13, “Software Engineering of Deceptive Software and Systems,” discusses deception architectures and more details related to deception implementation. This chapter focuses on defensive deceptive firewalls and offers an overview of the scientific understanding of honeypots. The last part of the chapter covers relevant strategies for the implementation of deception.
Chapter 14, “Decoy I/O Devices,” provides a detailed overview of the design and use of decoy devices designed to obtain secure systems. This chapter examines hardware support for decoy devices and concludes with a well-researched case study based on the implementation of a low-level network driver.
Cyberdeception provides focused operational capabilities for the defense of industrial control systems environments against cyber threats. Based on the example of an electrical power plant, chapter 15, “Deception for the Electrical Power Industry,” provides a detailed solution for the defense of electrical substations. The chapter continues with a concrete analysis of deception engineering for a real example of malware.
Chapter 16, “Law and Ethics for Software Deception,” covers the topics of law and ethics. In this chapter, readers will learn to identify major laws that relate to the practice of deception as well as come to understand the legal aspects as they apply to cyberdeception.
One of the aims of this book is to provide a course reader to support the teaching of cyberdeception. Also, young researchers, managers, and anyone interested in the problem of cyberdeception will find in this book a great opportunity to learn about the topic. I highly recommend this book for anyone who is looking for an engaging and reader-friendly introduction to cyberdeception.
