{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,4]],"date-time":"2026-03-04T17:05:01Z","timestamp":1772643901639,"version":"3.50.1"},"reference-count":45,"publisher":"Springer Science and Business Media LLC","issue":"11-12","license":[{"start":{"date-parts":[[2024,3,13]],"date-time":"2024-03-13T00:00:00Z","timestamp":1710288000000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"},{"start":{"date-parts":[[2024,3,13]],"date-time":"2024-03-13T00:00:00Z","timestamp":1710288000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Ann. Telecommun."],"published-print":{"date-parts":[[2024,12]]},"abstract":"<jats:title>Abstract<\/jats:title><jats:p>As the capabilities of cyber adversaries continue to evolve, now in parallel to the explosion of maturing and publicly-available artificial intelligence (AI) technologies, cyber defenders may reasonably wonder when cyber adversaries will begin to also field these AI technologies. In this regard, some promising (read: scary) areas of AI for cyber attack capabilities are search, automated planning, and reinforcement learning. As such, one possible defensive mechanism against future AI-enabled adversaries is that of cyber deception. To that end, in this work, we present and evaluate Mirage, an experimentation system demonstrated in both emulation and simulation forms that allows for the implementation and testing of novel cyber deceptions designed to counter cyber adversaries that use AI search and planning capabilities.<\/jats:p>","DOI":"10.1007\/s12243-024-01018-4","type":"journal-article","created":{"date-parts":[[2024,3,13]],"date-time":"2024-03-13T08:32:32Z","timestamp":1710318752000},"page":"803-817","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":2,"title":["Mirage: cyber deception against autonomous cyber attacks in emulation and simulation"],"prefix":"10.1007","volume":"79","author":[{"given":"Michael","family":"Kouremetis","sequence":"first","affiliation":[]},{"given":"Dean","family":"Lawrence","sequence":"additional","affiliation":[]},{"given":"Ron","family":"Alford","sequence":"additional","affiliation":[]},{"given":"Zoe","family":"Cheuvront","sequence":"additional","affiliation":[]},{"given":"David","family":"Davila","sequence":"additional","affiliation":[]},{"given":"Benjamin","family":"Geyer","sequence":"additional","affiliation":[]},{"given":"Trevor","family":"Haigh","sequence":"additional","affiliation":[]},{"given":"Ethan","family":"Michalak","sequence":"additional","affiliation":[]},{"given":"Rachel","family":"Murphy","sequence":"additional","affiliation":[]},{"given":"Gianpaolo","family":"Russo","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2024,3,13]]},"reference":[{"key":"1018_CR1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-02110-8","volume-title":"Autonomous cyber deception","author":"E Al-Shaer","year":"2019","unstructured":"Al-Shaer E, Wei J, Kevin W et al (2019) Autonomous cyber deception. Springer"},{"key":"1018_CR2","doi-asserted-by":"crossref","unstructured":"Applebaum A, Miller D, Strom B et al (2016) Intelligent, automated red team emulation. In: Proceedings of the 32nd annual conference on computer security applications. Association for Computing Machinery, New York, NY, USA, ACSAC \u201916, pp 363\u2013373","DOI":"10.1145\/2991079.2991111"},{"key":"1018_CR3","unstructured":"Applebaum A, Miller D, Strom B et al (2017) Analysis of automated adversary emulation techniques. In: Proceedings of the summer simulation multi-conference, pp 1\u201312"},{"key":"1018_CR4","doi-asserted-by":"crossref","unstructured":"Bland JA, Petty MD, Whitaker TS et al (2020) Machine learning cyberattack and defense strategies. Comput Secur 92:101738","DOI":"10.1016\/j.cose.2020.101738"},{"key":"1018_CR5","unstructured":"Brockman G, Cheung V, Pettersson L et al (2016) OpenAI gym. arXiv preprint arXiv:1606.01540"},{"key":"1018_CR6","unstructured":"Chaudhari P (2022) BlackSun ransomware - the dark side of PowerShell. https:\/\/www.blogs.vmware.com\/"},{"key":"1018_CR7","unstructured":"DarkTrace (2020) Study finds AI-fueled attacks are not just sci-fi. https:\/\/www.darktrace.com\/"},{"key":"1018_CR8","unstructured":"Dykstra J, Shortridge K, Met J et al (2022) Sludge for good: slowing and imposing costs on cyber attackers. arXiv preprint arXiv:2211.16626"},{"key":"1018_CR9","unstructured":"Espeholt L, Soyer H, Munos R et al (2018) Impala: scalable distributed deep-RL with importance weighted actor-learner architectures. In: Proceedings of the international conference on machine learning (ICML)"},{"key":"1018_CR10","unstructured":"Ferguson-Walter K, Shade T, Rogers A et al (2018) The Tularosa study: an experimental design and implementation to quantify the effectiveness of cyber deception. Tech. rep., Sandia National Lab.(SNL-NM), Albuquerque, NM (United States)"},{"key":"1018_CR11","unstructured":"Ferguson-Walter K, Major M, Johnson CK et al (2021) Examining the efficacy of decoybased and psychological cyber deception. In: USENIX security symposium, pp 1127\u20131144"},{"key":"1018_CR12","unstructured":"Ferguson-Walter KJ (2020) An empirical assessment of the effectiveness of deception for cyber defense. PhD thesis, University of Massachusetts Amherst"},{"key":"1018_CR13","unstructured":"Fraunholz D, Anton SD, Lipps C et al (2018) Demystifying deception technology: a survey. arXiv preprint arXiv:1804.06196"},{"key":"1018_CR14","unstructured":"Gianvecchio S, Kouremetis M, Applebaum A (2022) Look ahead planner. https:\/\/www.medium.com\/"},{"issue":"6","key":"1018_CR15","doi-asserted-by":"publisher","first-page":"1291","DOI":"10.1109\/TSMCC.2012.2218595","volume":"42","author":"I Grondman","year":"2012","unstructured":"Grondman I, Busoniu L, Lopes GAD et al (2012) A survey of actor-critic reinforcement learning: standard and natural policy gradients. IEEE Trans Syst Man Cybern Part C Appl Rev 42(6):1291\u20131307. https:\/\/doi.org\/10.1109\/TSMCC.2012.2218595","journal-title":"IEEE Trans Syst Man Cybern Part C Appl Rev"},{"key":"1018_CR16","unstructured":"Guarino A (2013) Autonomous intelligent agents in cyber offence. In: 5th International conference on cyber conflict (CYCON 2013), IEEE, pp 1\u201312"},{"key":"1018_CR17","doi-asserted-by":"crossref","unstructured":"Islam MM, Dutta A, Sajid MSI et al (2021) CHIMERA: autonomous planning and orchestration for malware deception. In: 2021 IEEE Conference on communications and network security (CNS), IEEE, pp 173\u2013181","DOI":"10.1109\/CNS53000.2021.9705030"},{"key":"1018_CR18","volume-title":"Ending the cybersecurity arms race","author":"KM James Waldo","year":"2018","unstructured":"James Waldo KM (2018) Ending the cybersecurity arms race. Belfer Center for Science and International Affairs, Harvard Kennedy School"},{"issue":"1","key":"1018_CR19","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3372823","volume":"53","author":"N Kaloudi","year":"2020","unstructured":"Kaloudi N, Li J (2020) The AI-based cyber threat landscape: a survey. ACM Comput Surv (CSUR) 53(1):1\u201334","journal-title":"ACM Comput Surv (CSUR)"},{"key":"1018_CR20","doi-asserted-by":"publisher","unstructured":"Kanervisto A, Scheller C, Hautam\u00e4ki V (2020) Action space shaping in deep reinforcement learning. In: 2020 IEEE Conference on games (CoG), pp 479\u2013486. https:\/\/doi.org\/10.1109\/CoG47356.2020.9231687","DOI":"10.1109\/CoG47356.2020.9231687"},{"key":"1018_CR21","first-page":"1","volume":"1","author":"D Kirat","year":"2018","unstructured":"Kirat D, Jang J, Stoecklin M (2018) Deeplocker-concealing targeted attacks with AI locksmithing. Blackhat USA 1:1\u201329","journal-title":"Blackhat USA"},{"key":"1018_CR22","doi-asserted-by":"crossref","unstructured":"Kouremetis M, Alford R, Lawrence D (2023) Mirage: cyber deception against autonomous cyber attacks. In: Proceedings of the 7th cyber security in networking conference (CSNet 2023). IEEE, pp 163\u2013170","DOI":"10.1109\/CSNet59123.2023.10339776"},{"key":"1018_CR23","unstructured":"Lawrence D, Kouremetis M, Applebaum A et al (2022) Guided planner. https:\/\/www.medium.com\/"},{"key":"1018_CR24","unstructured":"Li L, Fayad R, Taylor A (2021) CyGIL: A cyber gym for training autonomous agents over emulated network systems. arXiv preprint arXiv:2109.03331"},{"key":"1018_CR25","doi-asserted-by":"crossref","unstructured":"Li Y (2018) Deep reinforcement learning: an overview. arXiv:1701.07274","DOI":"10.1201\/9781351006620-1"},{"key":"1018_CR26","unstructured":"Liang E, Liaw R, Nishihara R, et al (2018) RLlib: abstractions for distributed reinforcement learning. In: Proceedings of the 35th international conference on machine learning, vol 80. PMLR, pp 3053\u20133062"},{"key":"1018_CR27","unstructured":"Microsoft Defender Research Team (2021) CyberBattleSim. https:\/\/github.com\/, created by Christian Seifert, Michael Betser, William Blum, James Bono, Kate Farris, Emily Goren, Justin Grana, Kristian Holsheimer, Brandon Marken, Joshua Neil, Nicole Nichols, Jugal Parikh, Haoran Wei"},{"key":"1018_CR28","unstructured":"MITRE Corporation (2022) MITRE Caldera: a scalable, automated adversary emulation platform. https:\/\/www.github.com\/"},{"key":"1018_CR29","unstructured":"MITRE Corporation (2023) MITRE engage: a framework for planning and discussing adversary engagement operations. https:\/\/engage.mitre.org\/"},{"key":"1018_CR30","unstructured":"Nawrocki M, W\u00e4hlisch M, Schmidt TC et al (2016) A survey on honeypot software and data analysis. arXiv preprint arXiv:1608.06249"},{"key":"1018_CR31","volume-title":"This is how they tell me the world ends: winner of the FT & McKinsey business book of the year award 2021","author":"N Perlroth","year":"2021","unstructured":"Perlroth N (2021) This is how they tell me the world ends: winner of the FT & McKinsey business book of the year award 2021. Bloomsbury Publishing"},{"key":"1018_CR32","unstructured":"Pramod B, Beesetty Y, Vineet K (2022) Deception technology market. Tech. Rep. A31357, Allied Market Research"},{"key":"1018_CR33","doi-asserted-by":"crossref","unstructured":"Reti D, Fraunholz D, Elzer K et al (2022) Evaluating deception and moving target defense with network attack simulation. In: Proceedings of the 9th ACM workshop on moving target defense, pp 45\u201353","DOI":"10.1145\/3560828.3564006"},{"key":"1018_CR34","doi-asserted-by":"crossref","unstructured":"Sajid MSI, Wei J, Alam MR et al (2020) Dodgetron: towards autonomous cyber deception using dynamic hybrid analysis of malware. In: 2020 IEEE Conference on communications and network security (CNS), IEEE, pp 1\u20139","DOI":"10.1109\/CNS48642.2020.9162202"},{"key":"1018_CR35","doi-asserted-by":"crossref","unstructured":"Sajid MSI, Wei J, Abdeen B et al (2021) Soda: a system for cyber deception orchestration and automation. In: Annual computer security applications conference, pp 675\u2013689","DOI":"10.1145\/3485832.3485918"},{"key":"1018_CR36","unstructured":"Schulman J, Wolski F, Dhariwal P et al (2017) Proximal policy optimization algorithms. arXiv:1707.06347"},{"key":"1018_CR37","doi-asserted-by":"crossref","unstructured":"Shade T, Rogers A, Ferguson-Walter K et al (2020) The Moonraker study: an experimental evaluation of host-based deception. In: HICSS, pp 1\u201310","DOI":"10.24251\/HICSS.2020.231"},{"issue":"7676","key":"1018_CR38","doi-asserted-by":"publisher","first-page":"354","DOI":"10.1038\/nature24270","volume":"550","author":"D Silver","year":"2017","unstructured":"Silver D, Schrittwieser J, Simonyan K et al (2017) Mastering the game of go without human knowledge. Nature 550(7676):354\u2013359","journal-title":"Nature"},{"key":"1018_CR39","unstructured":"Spafford E (2011) More than passive defense. https:\/\/www.cerias.purdue.edu\/"},{"key":"1018_CR40","unstructured":"Standen M, Lucas M, Bowman D et al (2021) CybORG: a gym for the development of autonomous cyber agents. arXiv preprint arXiv:2108.09118"},{"issue":"2","key":"1018_CR41","doi-asserted-by":"publisher","first-page":"1937","DOI":"10.11591\/ijece.v12i2.pp1937-1944","volume":"12","author":"TC Truong","year":"2022","unstructured":"Truong TC, Plucar J, Diep BQ et al (2022) X-ware: a proof of concept malware utilizing artificial intelligence. Int J Electr Comput Eng (IJECE) 12(2):1937\u20131944","journal-title":"Int J Electr Comput Eng (IJECE)"},{"key":"1018_CR42","unstructured":"Walter E, Ferguson-Walter K, Ridley A (2021) Incorporating deception into Cyber- BattleSim for autonomous defense. arXiv preprint arXiv:2108.13980"},{"key":"1018_CR43","doi-asserted-by":"publisher","unstructured":"Wang C, Lu Z (2018) Cyber deception: overview and the road ahead. IEEE Secur Priv 16(2):80\u201385. https:\/\/doi.org\/10.1109\/MSP.2018.1870866","DOI":"10.1109\/MSP.2018.1870866"},{"key":"1018_CR44","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1155\/2021\/8690662","volume":"2021","author":"Z Wang","year":"2021","unstructured":"Wang Z, Zhang Y, Liu Z et al (2021) An automatic planning-based attack path discovery approach from IT to OT networks. Secur Commun Netw 2021:1\u201318","journal-title":"Secur Commun Netw"},{"key":"1018_CR45","doi-asserted-by":"crossref","unstructured":"Zhang L, Thing VL (2021) Three decades of deception techniques in active cyber defenseretrospect and outlook. Comput Secur 106:102288","DOI":"10.1016\/j.cose.2021.102288"}],"container-title":["Annals of Telecommunications"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s12243-024-01018-4.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s12243-024-01018-4\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s12243-024-01018-4.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,11,29]],"date-time":"2024-11-29T23:03:33Z","timestamp":1732921413000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s12243-024-01018-4"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,3,13]]},"references-count":45,"journal-issue":{"issue":"11-12","published-print":{"date-parts":[[2024,12]]}},"alternative-id":["1018"],"URL":"https:\/\/doi.org\/10.1007\/s12243-024-01018-4","relation":{},"ISSN":["0003-4347","1958-9395"],"issn-type":[{"value":"0003-4347","type":"print"},{"value":"1958-9395","type":"electronic"}],"subject":[],"published":{"date-parts":[[2024,3,13]]},"assertion":[{"value":"19 December 2023","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"23 February 2024","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"13 March 2024","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}}]}}