Deception in Network Defences Using Unpredictability

In this article, we propose a novel method that aims to improve upon existing moving-target defences by making them unpredictably reactive using probabilistic decision-making. We postulate unpredictability can network in two key capacities: (1) re-configuring the direct response detected threats, tailored current threat and security posture, (2) deceiving adversaries pseudo-random decision-making (selected from set of acceptable responses), potentially leading adversary delay failure. Decisions are performed automatically, based on reported events (e.g., Intrusion Detection System (IDS) alerts), mission processes, states assets. Using codified form situational awareness, our system respond differently threats each time attacker activity is observed, acting as barrier further activities. demonstrate feasibility with both anomaly- misuse-based detection alerts, for historical dataset (playback), real-time simulation where asset-to-mission mappings known. Our findings suggest yields promise new approach deception laboratory settings. Further research will be necessary explore production environments.