Integrating cyber-D&D into adversary modeling for active cyber defense

Abstract

This chapter outlines a concept for integrating cyber denial and deception (cyber-D&D) tools, tactics, techniques, and procedures (TTTPs) into an adversary modeling system to support active cyber defenses (ACD) for critical enterprise networks. We describe a vision for cyber-D&D and outline a general concept of operation for the use of D&D TTTPs in ACD. We define the key elements necessary for integrating cyber-D&D into an adversary modeling system. One such recently developed system, the Adversarial Tactics, Techniques and Common Knowledge (ATT&CK™) Adversary Model is being enhanced by adding cyber-D&D TTTPs that defenders might use to detect and mitigate attacker tactics, techniques, and procedures (TTPs). We describe general D&D types and tactics, and relate these to a relatively new concept, the cyber-deception chain. We describe how defenders might build and tailor a cyber-deception chain to mitigate an attacker's actions within the cyber attack lifecycle. While we stress that this chapter describes a concept and not an operational system, we are currently engineering components of this concept for ACD and enabling defenders to apply such a system.

Cite

Stech, F. J., Heckman, K. E., & Strom, B. E. (2016). Integrating cyber-D&D into adversary modeling for active cyber defense. In Cyber Deception: Building the Scientific Foundation (pp. 1–22). Springer International Publishing. https://doi.org/10.1007/978-3-319-32699-3_1