Deception and Counterdeception

Course Composition and Objectives

SRA 433 will introduce students to the deceitful use and manipulation of information using both technical and non-technical means. Such insight is necessary for understanding how to study and anticipate (ie., “counter”) deception, and thereby control risk. It is critical to understand the role deception and counterdeception plays in security in order to fully understand risk and properly implement security measures. Since deception is purely an information-based tactic and can be achieved through technological means, IST is best suited to offer this class. Future employers of IST students (such as the U.S. intelligence community) identified deception and counterdeception as essential subjects to be taught and studied by their workforce. Major Topics of the course include:

• Introduction
  • Introduction to deception and counterdeception
  • Historical deceptions
  • Philosophy of deception; doctrine
  • Deception in nature
• Fundamentals of Deception
  • Principles of deception
  • Cognitive aspects of deception, or why does deception work?
  • Deception vulnerability assessment
• Adversarial Deception
  • Technologies for deception
  • Social engineering
  • Deceptive practices in terrorism, cyber crime, etc.
• Defensive Deception
  • Deception in information protection
  • Deception in cyber and physical security
• Counterdeception
  • Principles of counterdeception
  • Non-technical approaches to counterdeception
  • Technical approaches to counterdeception
  • Counterdeception architectures and technologies
• Advanced Topics 
  • Deception detection in virtual communities
  • Deception in attacker target selection
  • Ethics of deception
• Instructors Choice: Instructors may choose topics and learning objectives that meet the spirit of the course as defined here. Instructors may choose to devote more time to the learning objectives listed above or to add additional, complimentary objectives. Supplementary material and objectives should not overlap with the defined content of other courses in the curriculum

Course Description

This course introduces deception and counterdeception and their role in support of security risk analyses in competitive environments. The course covers fundamental theories of deception, human cognition and its vulnerabilities to deception, and the vulnerabilities of technical collection systems and sensors to deception. The course discusses deceptive practices in use by attackers and defenders, including both non-technical and technical means. The course also provides experience applying technical and non-technical counterdeception techniques to security risk analysis problems.