Cyber Deception


Posted: March 8, 2016 | By: Dave Climek, Anthony Macera, Walt Tirenin

AFRL/RIGA Approach

AFRL/RIGA initiated a deception effort under the Cyber Agility program in FY15.

This exploratory effort will have an emphasis on technologies that delay the attacker in the reconnaissance through weaponization stages of an attack, and also aid defenses by forcing an attacker to move and act in a more observable manner. This technology seeks to provide deception in our systems and networks at multiple levels and in multiple forms, recognizing that attackers target our cyber infrastructure across the various protocol and system layers. Techniques across the host and network layers or a hybrid thereof, will be explored in order to provide AF cyber operations with effective, flexible, and rapid deployment options.

Network-based deception approaches may focus on manipulating network activities to mask, fabricate, or simulate authentic operational networks. For example, they may generate displays or ruses in terms of fake “mirage” networks, or attribute characteristics to real networks that mislead the attacker about their structure, critical nodes, etc. These techniques may be particularly effective for deceiving attackers during the reconnaissance stage of the attacker model. Host-based approaches can be utilized to isolate critical resources while exposing falsified resources to an adversary as a facade, creating the impression of authentic information with associated processes where none will actually occur.

The techniques we develop should be capable of being operated in a proactive mode providing a constant confusion component, or may be employed by a commander only when additional obfuscation is required. Any techniques employed must appear to be genuine to an attacker, but at the same time be transparent to authorized users such that they do not waste unnecessary time, effort, or resources. Techniques at any layer of the protocol stack may be explored and implemented, but should be complementary to and/or leverage other DoD developed technologies.


AFRL/RIGA initiated three deception contract awards under the Cyber Deception project in FY15. These efforts are summarized in Table 1. Additionally, there are six Phase 1 Small Business Innovative Research (SBIR) efforts that fall under the Cyber Deception project. The topic areas these efforts relate to are summarized in Table 2.



[1] Joint Publication 3-13.4, Military Deception, 26 January 2012

[2] Bodeau, D., & Graubart, R. (2013, November). Intended effects of cyber resiliency techniques on adversary activities. In Technologies for Homeland Security (HST), 2013 IEEE International Conference on (pp. 7-11). IEEE.

[3] J. Lowry, R. Valdez, B. Wood, “Adversary Modeling to Develop Forensic Observables.” Digital Forensic Research Workshop, 2004.

[4] W. Tirenin and D. Faatz, “A Concept for Strategic Cyber Defense,” Military Communications Conference (MILCOM) ‘99, 1999.

[5] The Deception Toolkit Home Page and Mailing List,

[6] Thwarting cyber-attack reconnaissance with inconsistency and deception. Rowe, N and Goh, HC, Information Assurance and Security Workshop, 2007. IEEE SMC, 2007.

[7] Chabrow, E. Intelligent Defense Against Intruders. Government Information Security. [Online] May 23, 2012.

[8] U.S. Naval Academy. Phases of a Cyber-Attack / Cyber-Recon. US Naval Academy. [Online]


Approved for Public Release; Distribution Unlimited: 88ABW-2015-4691 20151002

Focus Areas

Want to find out more about this topic?

Request a FREE Technical Inquiry!