Assessing the Effectiveness of Deception-Based Cyber Defense with CyberBattleSim

Deception-Based Cyber Defense technology involves deploying various elements within a network to deliberately mislead and deceive potential attackers, enabling the early detection and warning of cyber-attacks in their nascent stages. However, there is a lack of systematic research on defensive effectiveness, applicability in different scenarios, and potential synergies with other defense mechanisms of various deception technologies. To address this research gap, this study incorporates negative rewards within the CyberBattleSim platform to simulate the consequences imposed on adversaries when encountering deception techniques. We then assess the efficacy of diverse cyber deception strategies through the cumulative reward trend of attackers. Furthermore, we simulated the combined deployment of different deception technologies and the deployment of deception technology in distinct network scenarios, to evaluate the synergistic impact of deception technologies when coupled with other defensive measures and explore the suitable application scenarios of deception technology. The outcomes of multiple experiments conducted on the CyberBattleSim platform demonstrate that deception technology can impact attackers by delaying or preventing penetration and the combination of distinct deception techniques can yield varying enhancements in defense effectiveness. Additionally, the combination of Shock Trap and honeypot technology can maximize the defense effect.