IOT honeynet for military deception and indications and warnings

Abstract

Honeyman, named for the American Revolutionary War spy and source of disinformation, is an IoT distributed deception platform (DDP), aka “honeynet”, based approach to military deception and indications and warning (I&W) generation. While DDP approaches have evolved from single honeypots to complex network architectures and have resolved previous challenges associated with revealing a DDP’s signature or “fingerprint” including virtual device information, and therefore have become applicable for IoT uses, these approaches are still bounded in their application to cybersecurity purposes only. For example, data positioned as cyber-bait is meant only to draw in a cyber attacker but not to influence a strategic level of decision-making such as military or national security decisions. Additionally, monitoring within the DDP gathers data to model attackers’ cyber behavior and patterns for explicit purpose of identifying new offensive cyber techniques and thwarting new attacks. Honeyman combines a proxy military logistics and readiness reporting IoT comprised of a mixture of virtual and physical devices with non-cyber information operations for military deception and to stimulate nation-state adversary behavior within the DDP. A machine learning (ML)-based traffic analysis model leverages observations within the honeynet to forecast an adversary’s physical military activity thereby providing critical I&W. Further research is needed to optimize the combination of physical and virtual IoT devices for best deception performance, to evolve the tradecraft of dynamic cyber-bait, and to refine appropriate ML-based I&W models.