Cyber Deception for Network Defense


TECHNOLOGY AREA(S): Information Systems

The technology within this topic is restricted under the International Traffic in Arms Regulation (ITAR), 22 CFR Parts 120-130, which controls the export and import of defense-related material and services, including export of sensitive technical data, or the Export Administration Regulation (EAR), 15 CFR Parts 730-774, which controls dual use items. Offerors must disclose any proposed use of foreign nationals (FNs), their country(ies) of origin, the type of visa or work permit possessed, and the statement of work (SOW) tasks intended for accomplishment by the FN(s) in accordance with section 5.4.c.(8) of the solicitation and within the AF Component-specific instructions. Offerors are advised foreign nationals proposed to perform on this topic may be restricted due to the technical data under US Export Control Laws. Please direct questions to the AF SBIR/STTR Contracting Officer, Ms. Gail Nyikon,


OBJECTIVE: Research and develop technology to provide a cyber deception capability that could be employed by commanders to provide false information, confuse, delay, or otherwise impede cyber attackers to the benefit of friendly forces.


DESCRIPTION: Deception is defined as a “deliberate act perpetrated by a sender to engender in a receiver’s beliefs contrary to what the sender believes is true to put the receiver at a disadvantage.” (1) Military deception is defined as “those actions executed to deliberately mislead adversary decision makers as to friendly military capabilities, intentions, and operations, thereby causing the adversary to take specific actions (or inactions) that will contribute to the accomplishment of the friendly mission.” (2) Military forces have used techniques such as camouflage, feints, chaff, jammers, fake equipment, false messages or traffic, etc. for thousands of years to alter an enemy’s perception of reality.

This effort will examine the typical attack steps: reconnaissance (where the enemy researches, identifies and selects the target), scanning (where detailed information about the target is obtained, allowing a specific attack to be crafted), gaining access (where the attack is carried out), and maintaining access (where the attack evidence is deleted and information is exfiltrated or altered/destroyed), to identify where and how deception technologies can be brought to bear to thwart the objectives of an attack.

It is believed that deception techniques, working in conjunction with normal cyber defense methods, can alter the underlying attack process, making it more difficult, time-consuming and cost-prohibitive. Some work has already been done in cyber deception technologies. For example, honeypots are computers designed to attract attackers by impersonating another machine that may be worthy of being attacked; honeynets take that further by simulating a number of computers or a network; and products such as the Deception Toolkit convey an impression of the defenses of a computer system that is different from what they really are by creating phony vulnerabilities. Modern-day military planners need a capability that goes beyond the current state of the art in cyber deception to provide a system or systems that a commander can employ when needed to insert additional deception into cyber operations.


PHASE I: 1. Design and develop techniques and technologies that could be employed in a representative scenario based on the criticality of the cyber situation and/or INFOCON status, 2. Conduct a complete comparative analysis, and 3. Conduct a proof-of-feasibility demonstration of key enabling concepts.


PHASE II: 1. Develop and demonstrate a prototype that implements the Phase I methodology, 2. Identify appropriate performance metrics for evaluation, 3. Generate a cost estimate and implementation guidance for both a modest pilot project and fielding at the Air Force, regional Network Operations and Security Center or other suitable command level, and 4. Detail the plan for Phase III.


PHASE III DUAL USE APPLICATIONS: Cyber deception capability in military or commercial networks. 


KEYWORDS: Cyber Deception, Military Deception, Digital Deception, Active Cyber Defense