Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Towards in-situ Psychological Profiling of Cybercriminals Using Dynamically Generated Deception Environments

Jacob Quibell

TL;DR

The paper addresses the challenge of real-time, in-situ profiling of cybercriminals by leveraging dynamic cyber deception to infer attacker motives. It presents a cloud-based proof-of-concept that autonomously generates deception content based on observed attacker behavior, iteratively refines this content, and outputs motive predictions while exploring psychological profiling. Informal testing suggests the approach can correctly predict motives in controlled scenarios, and the discussion outlines practical constraints and a roadmap for validation and broader deployment. The work lays a foundation for integrating psychology, criminology, and game theory with cyber defense to move beyond traditional perimeter protection.

Abstract

Cybercrime is estimated to cost the global economy almost \$10 trillion annually and with businesses and governments reporting an ever-increasing number of successful cyber-attacks there is a growing demand to rethink the strategy towards cyber security. The traditional, perimeter security approach to cyber defence has so far proved inadequate to combat the growing threat of cybercrime. Cyber deception offers a promising alternative by creating a dynamic defence environment. Deceptive techniques aim to mislead attackers, diverting them from critical assets whilst simultaneously gathering cyber threat intelligence on the threat actor. This article presents a proof-of-concept (POC) cyber deception system that has been developed to capture the profile of an attacker in-situ, during a simulated cyber-attack in real time. By dynamically and autonomously generating deception material based on the observed attacker behaviour and analysing how the attacker interacts with the deception material, the system outputs a prediction on the attacker's motive. The article also explores how this POC can be expanded to infer other features of the attacker's profile such as psychological characteristics. By dynamically and autonomously generating deception material based on observed attacker behaviour and analysing how the attacker interacts with the deception material, the system outputs a prediciton on the attacker's motive. The article also explores how this POC can be expanded to infer other features of the attacker's profile such as psychological characteristics.

Towards in-situ Psychological Profiling of Cybercriminals Using Dynamically Generated Deception Environments

TL;DR

The paper addresses the challenge of real-time, in-situ profiling of cybercriminals by leveraging dynamic cyber deception to infer attacker motives. It presents a cloud-based proof-of-concept that autonomously generates deception content based on observed attacker behavior, iteratively refines this content, and outputs motive predictions while exploring psychological profiling. Informal testing suggests the approach can correctly predict motives in controlled scenarios, and the discussion outlines practical constraints and a roadmap for validation and broader deployment. The work lays a foundation for integrating psychology, criminology, and game theory with cyber defense to move beyond traditional perimeter protection.

Abstract

Cybercrime is estimated to cost the global economy almost \$10 trillion annually and with businesses and governments reporting an ever-increasing number of successful cyber-attacks there is a growing demand to rethink the strategy towards cyber security. The traditional, perimeter security approach to cyber defence has so far proved inadequate to combat the growing threat of cybercrime. Cyber deception offers a promising alternative by creating a dynamic defence environment. Deceptive techniques aim to mislead attackers, diverting them from critical assets whilst simultaneously gathering cyber threat intelligence on the threat actor. This article presents a proof-of-concept (POC) cyber deception system that has been developed to capture the profile of an attacker in-situ, during a simulated cyber-attack in real time. By dynamically and autonomously generating deception material based on the observed attacker behaviour and analysing how the attacker interacts with the deception material, the system outputs a prediction on the attacker's motive. The article also explores how this POC can be expanded to infer other features of the attacker's profile such as psychological characteristics. By dynamically and autonomously generating deception material based on observed attacker behaviour and analysing how the attacker interacts with the deception material, the system outputs a prediciton on the attacker's motive. The article also explores how this POC can be expanded to infer other features of the attacker's profile such as psychological characteristics.
Paper Structure (21 sections, 4 figures, 6 tables)

This paper contains 21 sections, 4 figures, 6 tables.

Table of Contents

  1. Introduction
  2. Related Work
  3. Approach
  4. Attack Scenario
  5. System Design
  6. System Architecture
  7. Workflow
  8. Testing
  9. Discussion
  10. Outcomes
  11. Constraints
  12. Future Work
  13. Expansion of system to include network services
  14. System validation and data harvesting
  15. Development of model for behaviour analysis
  16. ...and 6 more sections

Figures (4)

  • Figure 1: High-level workflow of prediction system
  • Figure 2: System Architecture
  • Figure 3: Prediction function workflow
  • Figure 4: Model of end-to-end workflow