Cyber expert feedback: Experiences, expectations, and opinions about cyber deception

Human behavior is a critical, yet under-studied topic in cybersecurity. Among the techniques used for cyber defense, for cyber deception, a better understanding of human perception and behavior is crucial. To this point, the current study used a custom Deception Questionnaire to assess perceptions of cyber deception among experts. In this paper, we use a qualitative thematic analysis over the questionnaire responses, which provides a rich insight into the decision-making process of cyber attackers. Results reveal that experts were unlikely to expect deception, and upon encountering potential deception, a subset of attackers would increase and others decrease their attack activity in response. This work augments prior qualitative analyses indicating that cyber deception creates a psychological impact and behavioral change in cyber attackers. Results support the psychological impact and efficacy of deception to deter malicious actors and provide insights about how defenders might utilize deceptive strategies.