Abstract
Deceptive techniques played a prominent role in many hu- man conflicts throughout history. Digital conflicts are no different as the use of deception has found its way to com- puting since at least the 1980s. However, many computer defenses that uses deception were ad-hoc attempts to incor- porate deceptive elements in them. In this paper, we present a model that can be used to plan and integrate deception in computer security defenses. We present an overview of why deception fundamentally works and what are the essen- tial principles in using such techniques. We investigate the unique advantages deception-based mechanisms bring to tra- ditional computer security defenses. Furthermore, we show how our model can be used to incorporate deception to many part of computer systems and discuss how we can use such techniques effectively. A successful deception should present plausible alternative(s) to the truth and these should be de- signed to exploit specific adversaries’ biases. We investigate these biases and discuss how can they be used by presenting a number of examples.