ADEPT: Advanced Deception Enhancing Protection Technology
Background
Gathering information about the people attacking a vulnerable system yields a wealth of tactical data, including attribution, motivation and adversary expertise. To date, approaches have focused on the observed computer attack program behaviors rather than understanding the human behind the attack.
SIFT Approach
SIFT has designed the ADEPT (Advanced Deception Enhancing Protection Technology) system to assess attackers’ cognitive biases to learn about the human behind the attack to provide tactical information to defenders. ADEPT does not just observe adversaries, but proactively places them in situations that reveal their cognitive biases, including cultural biases and overall intents. ADEPT builds a metrics-based model of the attacker’s cognitive biases. Additionally, ADEPT analyzes attackers’ keystroke dynamics to determine their skills, handedness, and first language. As an adversary interacts with the system, ADEPT injects stimuli designed to learn about the adversary’s cognitive framework. ADEPT explores a novel approach for detecting adversarial intent, and by concentrating on the human behind the attack. ADEPT opens a new research direction in software protection that learns about the adversaries tampering providing a fuller picture to defenders and ultimately, to prevent future attacks.
Benefits
- Novel approach to collecting data and defending vulnerable systems.
- Collects real-world human attributes and cognitive biases.
- Offers defenders new metrics for understanding the adversary.