Towards Cyber Attribution by Deception

This paper discusses a technical solution that will help to bring the cyber defenders and investigators one step closer to successful cyber attribution: deception technology. The goal is to detect abnormal activities taking place in the computer system by planting so called fake entities into the system. These fake entities appear to be interesting and valuable for the attacker. The deceptive defense mechanism then waits for the malicious adversary to interact with these fake entities. A fake entity can be anything from a fabricated file to a fake user account in a system. This paper takes a look at how different fake entities can be used for cyber attribution. We conclude that deception technology and fake entities have lots of potential for further development when trying to solve the challenge of cyber attribution.