{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,7,4]],"date-time":"2026-07-04T10:27:36Z","timestamp":1783160856737,"version":"3.54.6"},"reference-count":59,"publisher":"MDPI AG","issue":"4","license":[{"start":{"date-parts":[[2021,4,3]],"date-time":"2021-04-03T00:00:00Z","timestamp":1617408000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"DOI":"10.13039\/501100006108","name":"Kult\u00farna a Edukacn\u00e1 Grantov\u00e1 Agent\u00fara M\u0160VVa\u0160 SR","doi-asserted-by":"publisher","award":["011TUKE4\/2020"],"award-info":[{"award-number":["011TUKE4\/2020"]}],"id":[{"id":"10.13039\/501100006108","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Symmetry"],"abstract":"<jats:p>This paper aims to explore the cyber-deception-based approach and to design a novel conceptual model of hybrid threats that includes deception methods. Security programs primarily focus on prevention-based strategies aimed at stopping attackers from getting into the network. These programs attempt to use hardened perimeters and endpoint defenses by recognizing and blocking malicious activities to detect and stop attackers before they can get in. Most organizations implement such a strategy by fortifying their networks with defense-in-depth through layered prevention controls. Detection controls are usually placed to augment prevention at the perimeter, and not as consistently deployed for in-network threat detection. This architecture leaves detection gaps that are difficult to fill with existing security controls not specifically designed for that role. Rather than using prevention alone, a strategy that attackers have consistently succeeded against, defenders are adopting a more balanced strategy that includes detection and response. Most organizations deploy an intrusion detection system (IDS) or next-generation firewall that picks up known attacks or attempts to pattern match for identification. Other detection tools use monitoring, traffic, or behavioral analysis. These reactive defenses are designed to detect once they are attacked yet often fail. They also have some limitations because they are not designed to catch credential harvesting or attacks based on what appears as authorized access. They are also often seen as complex and prone to false positives, adding to analyst alert fatigue. The security industry has focused recent innovation on finding more accurate ways to recognize malicious activity with technologies such as user and entity behavioral analytics (UEBA), big data, artificial intelligence (AI), and deception.<\/jats:p>","DOI":"10.3390\/sym13040597","type":"journal-article","created":{"date-parts":[[2021,4,3]],"date-time":"2021-04-03T22:03:36Z","timestamp":1617487416000},"page":"597","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":81,"title":["Threat Defense: Cyber Deception Approach and Education for Resilience in Hybrid Threats Model"],"prefix":"10.3390","volume":"13","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-2852-9403","authenticated-orcid":false,"given":"William","family":"Steingartner","sequence":"first","affiliation":[{"name":"Faculty of Electrical Engineering and Informatics, Technical University of Ko\u0161ice, Letn\u00e1 9, 042 00 Ko\u0161ice, Slovakia"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-4465-6143","authenticated-orcid":false,"given":"Darko","family":"Galinec","sequence":"additional","affiliation":[{"name":"Department of Informatics and Computing, Zagreb University of Applied Sciences, Vrbik 8, 10000 Zagreb, Croatia"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-3023-2887","authenticated-orcid":false,"given":"Andrija","family":"Kozina","sequence":"additional","affiliation":[{"name":"Dr. Franjo Tu\u0111man Croatian Defence Academy, 256b Ilica Street, 10000 Zagreb, Croatia"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"1968","published-online":{"date-parts":[[2021,4,3]]},"reference":[{"key":"ref_1","unstructured":"MEGA International (2021). Business Resilience, How Strategic Planning and Enterprise Architecture Help Companies Successfully Rebound from a Crisis, MEGA International. White Paper."},{"key":"ref_2","unstructured":"(2021, March 22). How COVID-19 Has Pushed Companies over the Technology Tipping Point\u2014And Transformed Business Forever. Available online: https:\/\/www.mckinsey.com\/business-functions\/strategy-and-corporate-finance\/our-insights\/how-COVID-19-has-pushed-companies-over-the-technology-tipping-point-and-transformed-business-forever."},{"key":"ref_3","unstructured":"Contu, R., Driver, M., Kim, E., Wheeler, J.A., Smith, N., Pingree, L., and Rakheja, S. (2021, March 22). Emerging Technologies and Trends Impact Radar: Security. Available online: https:\/\/www.gartner.com\/en\/documents\/3991219\/emerging-technologies-and-trends-impact-radar-security."},{"key":"ref_4","unstructured":"Pingree, L., Smith, N., Kim, E., Wheeler, J.A., Contu, R., Ahlm, E., and Driver, M. (2021, March 22). Emerging Technologies and Trends Impact Radar: Security. Available online: https:\/\/www.gartner.com\/en\/documents\/3975191\/emerging-technologies-and-trends-impact-radar-security."},{"key":"ref_5","unstructured":"(2021, March 22). What Is XDR?. Available online: https:\/\/www.paloaltonetworks.com\/cyberpedia\/what-is-xdr."},{"key":"ref_6","unstructured":"Crandall, C., and Salazar, J. (2019). Deception Based Threat Deception: Shifting Power to the Defenders, Attivo Networks, Inc."},{"key":"ref_7","unstructured":"(2020, January 7\u20139). NATO Communications and Information Agency (NCIA) and AFCEA TechNet. Proceedings of the International: NITEC \u201916\u2014The NCI Agency Industry Conference and AFCEA TechNet International, Tallinn, Estonia. Available online: https:\/\/docplayer.net\/55237431-Ncia-business-opportunities-cyber-security.html."},{"key":"ref_8","first-page":"6098","article-title":"Honeypots: The Need of Network Security","volume":"5","author":"Kambow","year":"2014","journal-title":"Int. J. Comput. Sci. Inf. Technol. (IJCSIT)"},{"key":"ref_9","unstructured":"Scottberg, B., Yurcik, W., and Doss, D. (2002, January 6\u20138). Internet honeypots: Protection or entrapment?. Proceedings of the IEEE 2002 International Symposium on Technology and Society (ISTAS\u201902). Social Implications of Information and Communication Technology, Raleigh, NC, USA."},{"key":"ref_10","doi-asserted-by":"crossref","unstructured":"Almeshekah, M.H., and Spafford, E.H. (2014, January 15\u201318). Planning and Integrating Deception into Computer Security Defenses. Proceedings of the 2014 New Security Paradigms Workshop, Victoria, BC, Canada. NSPW \u201914.","DOI":"10.1145\/2683467.2683482"},{"key":"ref_11","doi-asserted-by":"crossref","unstructured":"Virvilis, N., Vanautgaerden, B., and Serrano, O.S. (2014, January 3\u20136). Changing the game: The art of deceiving sophisticated attackers. Proceedings of the 2014 6th International Conference On Cyber Conflict (CyCon 2014), Tallinn, Estonia.","DOI":"10.1109\/CYCON.2014.6916397"},{"key":"ref_12","unstructured":"Cranfield University (2020, August 24). The National Cyber Deception Symposium, hosted by the UK MoD\u2019s Defence Academy and Defence Cyber School, Nov 6th, 2019, Shrivenham, Swindon, UK. Available online: https:\/\/www.cranfield.ac.uk\/events\/symposia\/cyber-d."},{"key":"ref_13","unstructured":"Crandall, C. (2021, March 22). The Evolution Of Cybersecurity. Available online: https:\/\/www.healthcareinfosecurity.com\/whitepapers\/deception-based-threat-detection-shifting-power-to-defenders-w-5780?highlight=true."},{"key":"ref_14","unstructured":"(2021, February 25). European External Action Service (EEAS): Food-for-thought Paper \u201cCountering Hybrid Threats\u201d. Available online: http:\/\/www.statewatch.org\/news\/2015\/may\/eeas-csdp-hybrid-threats-8887-15.pdf."},{"key":"ref_15","unstructured":"Ko\u0161i\u010diarov\u00e1, I., and K\u00e1dekov\u00e1, Z. (2017, January 1\u20132). The content and the form in public relations. Managerial Trends in the Development of Enterprises in Globalization Era. Proceedings of the 7th International Scientific Conference on Managerial Trends in the Development of Enterprises in Globalization Era (ICoM), Nitra, Slovakia."},{"key":"ref_16","unstructured":"(2021, February 25). The NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE): EU Policy on Fighting Hybrid Threats. Available online: https:\/\/ccdcoe.org\/incyder-articles\/eu-policy-on-fighting-hybrid-threats."},{"key":"ref_17","unstructured":"The Cyber Security Hub\u2122: Information Technology and Services, London, UK, 2021"},{"key":"ref_18","unstructured":"Siedlecka-Lamch, O., Szymoniak, S., Kurkowski, M., and Fray, I.E. (2020, January 22\u201324). Towards Most Efficient Method for Untimed Security Protocols Verification. Proceedings of the 24th Pacific Asia Conference on Information Systems: Information Systems (IS) for the Future\u2014PACIS 2020, Dubai, United Arab Emirates."},{"key":"ref_19","unstructured":"Szymoniak, S. (2020). How to be on time with security protocol?. Societal Challenges in the Smart Society, Universidad de La Rioja."},{"key":"ref_20","unstructured":"Booz, A. (2021, February 25). 8 Cyber Threat Trends to Watch Out for in 2021. Available online: https:\/\/www.boozallen.com."},{"key":"ref_21","doi-asserted-by":"crossref","unstructured":"Yang, S., Wu, C., Zhang, Y., Wang, W., and Xie, W. (2019, January 19\u201323). Attack-Defense Utility Quantification Furthermore, Security Risk Assessment. Proceedings of the 2019 IEEE SmartWorld, Ubiquitous Intelligence Computing, Advanced Trusted Computing, Scalable Computing Communications, Cloud Big Data Computing, Internet of People and Smart City Innovation (Smart-World\/SCALCOM\/UIC\/ATC\/CBDCom\/IOP\/SCI), Leicester, UK.","DOI":"10.1109\/SmartWorld-UIC-ATC-SCALCOM-IOP-SCI.2019.00263"},{"key":"ref_22","unstructured":"Roepke, W., and Thankey, H. (2021, February 28). Resilience: The First Line of Defence. Available online: https:\/\/www.nato.int\/docu\/review\/2019\/Also-in-2019\/resilience-the-first-line-of-defence\/EN\/index.htm."},{"key":"ref_23","first-page":"65","article-title":"Economic Crisis, Trust and Socio-Economic Aspects of Sustainable Development","volume":"8","author":"Kossecki","year":"2013","journal-title":"Probl. Ekorozwoju Probl. Sustain. Dev."},{"key":"ref_24","doi-asserted-by":"crossref","first-page":"567","DOI":"10.24818\/EA\/2020\/54\/567","article-title":"Importance of Technical and Business Skills for Future IT Professionals","volume":"22","year":"2020","journal-title":"Amfiteatru Econ."},{"key":"ref_25","unstructured":"Tokar\u010d\u00edkov\u00e1, E., \u010euri\u0161ov\u00e1, M., and Barto\u0161ov\u00e1, V. (2015, January 7\u20138). Corporate social responsibility of public administration employees. Proceedings of the 25th International Business Information Management Association Conference\u2014Innovation Vision 2020: From Regional Development Sustainability to Global Economic Growth, IBIMA 2015, Amsterdam, The Netherlands."},{"key":"ref_26","unstructured":"European Defence Agency (EDA) (2020). Strategic Research Agenda On Cyberdefence, EDA."},{"key":"ref_27","doi-asserted-by":"crossref","unstructured":"Schulze, M. (2020, January 26\u201329). Cyber in War: Assessing the Strategic, Tactical, and Operational Utility of Military Cyber Operations. Proceedings of the 12th International Conference on Cyber Conflict 20\/20 Vision: The Next Decade, Tallinn, Estonia.","DOI":"10.23919\/CyCon49761.2020.9131733"},{"key":"ref_28","unstructured":"Attivo Networks (2020). Threatdefend Platform Solution Overview, Attivo Networks."},{"key":"ref_29","doi-asserted-by":"crossref","unstructured":"Galinec, D., Steingartner, W., and Zebi\u0107, V. (2019, January 20\u201322). Cyber Rapid Response Team: An Option within Hybrid Threats. Proceedings of the 2019 IEEE 15th International Scientific Conference on Informatics, Poprad, Slovakia.","DOI":"10.1109\/Informatics47936.2019.9119292"},{"key":"ref_30","doi-asserted-by":"crossref","first-page":"317","DOI":"10.1109\/TBDATA.2017.2723570","article-title":"Big Data for Cybersecurity: Vulnerability Disclosure Trends and Dependencies","volume":"5","author":"Tang","year":"2019","journal-title":"IEEE Trans. Big Data"},{"key":"ref_31","doi-asserted-by":"crossref","unstructured":"Galinec, D., and Lui\u0107, L. (2019, January 28\u201330). Digital Security Perspectives and Engagement for Resilience in Information-Communication Environment. Proceedings of the 2019 3rd European Conference on Electrical Engineering and Computer Science (EECS), Athens, Greece.","DOI":"10.1109\/EECS49779.2019.00032"},{"key":"ref_32","first-page":"14","article-title":"Resilience Is Key","volume":"9","author":"Galinec","year":"2018","journal-title":"Per Concordiam"},{"key":"ref_33","unstructured":"(2020, August 24). Counter Craft: Am I Ready for Cyber Deception? Gartner Hype Cycle for Security Operations. Available online: https:\/\/www.countercraftsec.com\/blog\/post\/am-i-ready-for-deception-technology."},{"key":"ref_34","unstructured":"Attivo Networks (2020). Attivo Networks Named as a Sample Vendor in Gartner Hype Cycle for Security Operations 2020, Attivo Networks, Inc."},{"key":"ref_35","first-page":"12","article-title":"The Nature and Content of a New-Generation War","volume":"22","author":"Chekinov","year":"2013","journal-title":"Mil. Thought"},{"key":"ref_36","unstructured":"(2021, March 22). Case Study: A View of Deception Technology in Security Testing. Available online: https:\/\/www.bankinfosecurity.com\/whitepapers\/case-study-view-deception-technology-in-security-testing-w-5785."},{"key":"ref_37","doi-asserted-by":"crossref","first-page":"1","DOI":"10.46799\/syntax-idea.v3i1.860","article-title":"Indonesia\u2019s Cyber Defense Strategy in mitigating the Risk of Cyber Warfare Threats","volume":"3","author":"Permana","year":"2021","journal-title":"Syntax Idea"},{"key":"ref_38","unstructured":"Crandall, C. (2021, March 22). How Security Teams are Turning to Decoy Networks. Available online: https:\/\/attivonetworks.com\/how-security-teams-are-turning-to-decoy-networks."},{"key":"ref_39","unstructured":"Attivo Networks (2018). The Role of Deception Technology in Security Penetration Testing, Attivo Networks, Inc."},{"key":"ref_40","first-page":"129","article-title":"Hrvatsko vojno u\u010dili\u0161te\u2014Ustroj i uloga","volume":"12","author":"Kozina","year":"2013","journal-title":"Anali za Povijest Odgoja"},{"key":"ref_41","first-page":"131","article-title":"Kontekstualni pristup u\u010denju i pou\u010davanju u nastavi temeljnog tehni\u010dkog odgoja i obrazovanja","volume":"64","author":"Bezjak","year":"2015","journal-title":"\u0160kolski Vjesnik"},{"key":"ref_42","unstructured":"Committee on Armed Services Subcommittee on Oversight & Investigations (2010). Another Crossroads? Professional Military Education Two Decades After The Goldwaternichols Act and The Skelton Panel, U.S., House of Representatives."},{"key":"ref_43","unstructured":"North Atlantic Military Committee (2014). Military Decision On Mc 0458\/3 NATO Education, Training, Exercises Furthermore, Evaluation (ETEE) Policy."},{"key":"ref_44","unstructured":"Headquarters Department of the Army (2013). Army Leader Development Program, Department of the Army Pamphlet 350-5."},{"key":"ref_45","first-page":"158","article-title":"Conceptual Model of Information Security","volume":"Volume 188","author":"Pevnev","year":"2021","journal-title":"Integrated Computer Technologies in Mechanical Engineering\u20142020. ICTM 2020. Lecture Notes in Networks and Systems"},{"key":"ref_46","unstructured":"Glasser, W. (1994). Kvalitetna \u0160kola: \u0160kola bez Prisile, Educa."},{"key":"ref_47","first-page":"37","article-title":"Interkulturalne kompetencije vojnih nastavnika","volume":"17","author":"Kozina","year":"2013","journal-title":"Andrago\u0161ki Glas."},{"key":"ref_48","doi-asserted-by":"crossref","first-page":"211","DOI":"10.1080\/713698968","article-title":"Cyber Pedagogy as Critical Social Practice in a Teacher Education Program","volume":"11","author":"Kapitzke","year":"2000","journal-title":"Teach. Educ."},{"key":"ref_49","unstructured":"Fountain, S. (1999). Education for Development\u2014A Teacher\u2019s Resource for Global Learning, Hodder & Stoughton."},{"key":"ref_50","unstructured":"Waitt, T. (2021, March 22). No Nonsense Cyber Threat Detection Made Simple with Deception. Available online: https:\/\/americansecuritytoday.com\/no-nonsense-cyber-threat-detection-made-simple-with-deception."},{"key":"ref_51","unstructured":"Lance, W. (2021, March 22). Debunking the Myths of Deception Technology. Available online: https:\/\/www.networkcomputing.com\/network-security\/debunking-myths-deception-technology."},{"key":"ref_52","doi-asserted-by":"crossref","first-page":"e5209","DOI":"10.1002\/cpe.5209","article-title":"Locating and accessing large datasets using Flower Index Approach","volume":"32","author":"Kvet","year":"2019","journal-title":"Concurr. Comput. Pract. Exp."},{"key":"ref_53","unstructured":"Mandiant (2021, March 28). Red Team Operations (RTO): Test Your Ability to Protect Your Most Critical Assets from a Real-World Targeted Attack. Available online: https:\/\/www.fireeye.com\/content\/dam\/fireeye-www\/services\/pdfs\/pf\/ms\/ds-red-team-operations.pdf."},{"key":"ref_54","first-page":"119","article-title":"A testbed based on survivability for comparing threat evaluation algorithms","volume":"Volume 7352","author":"Mott","year":"2009","journal-title":"Intelligent Sensing, Situation Management, Impact Assessment, and Cyber-Sensing"},{"key":"ref_55","unstructured":"Galinec, D., and Macanga, D. (2012, January 7\u20139). Observe, Orient, Decide and Act Cycle and Pattern-Based Strategy: Characteristics and Complementation. Proceedings of the Central European Conference on Information and Intelligent Systems\u2014CECIIS, 23rd International Conference, Vara\u017edin, Croatia."},{"key":"ref_56","first-page":"39","article-title":"A Look at Observe, Orient, Decide and Act Feedback Loop, Pattern-Based Strategy and Network Enabled Capability for Organizations Adapting to Change","volume":"13","author":"Galinec","year":"2013","journal-title":"Acta Electrotech. Et Inform."},{"key":"ref_57","doi-asserted-by":"crossref","unstructured":"Colarik, A., and Janczewski, L. (2015). Establishing Cyber Warfare Doctrine. Current and Emerging Trends in Cyber Operations, Palgrave Macmillan.","DOI":"10.1057\/9781137455550_3"},{"key":"ref_58","doi-asserted-by":"crossref","first-page":"270","DOI":"10.1080\/14702436.2016.1187568","article-title":"The cyber conceptual framework for developing military doctrine","volume":"16","author":"Ormrod","year":"2016","journal-title":"Def. Stud."},{"key":"ref_59","unstructured":"Shoard, P. (2020). Hype Cycle for Security Operations, Gartner, Inc.. Available online: https:\/\/www.gartner.com\/en\/documents\/3986721\/hype-cycle-for-security-operations-2020."}],"container-title":["Symmetry"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/2073-8994\/13\/4\/597\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,13]],"date-time":"2025-10-13T13:58:16Z","timestamp":1760363896000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/2073-8994\/13\/4\/597"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,4,3]]},"references-count":59,"journal-issue":{"issue":"4","published-online":{"date-parts":[[2021,4]]}},"alternative-id":["sym13040597"],"URL":"https:\/\/doi.org\/10.3390\/sym13040597","relation":{},"ISSN":["2073-8994"],"issn-type":[{"value":"2073-8994","type":"electronic"}],"subject":[],"published":{"date-parts":[[2021,4,3]]}}}