On the response policy of software decoys: Conducting software-based deception in the cyber battlespace

摘要

Intelligent software decoys employ deception techniques to maintain the interaction between themselves and calling processes or threads that violate the contracts of the software components that the decoys defend. The software decoy's goal is to learn about the nature of such interactions before either terminating the interaction or treating the calling process or thread as a cyber combatant. Software components can be wrapped at any level of abstraction, from web applets to operating system calls. It is foreseeable that the decoying actions, termination of interaction, or counterattack by the decoy could in some way violate the law of armed conflict. In this paper we examine the response policy of software decoys in terms of discrimination, necessity, proportionality, and chivalry on the cyber battlefield.