Abstract
In today's modern society, the increasing demands for connectivity and
accessibility place computers in ever larger internetworks. As more
and more computers become globally accessible, the number of threats
from random and targeted attacks rise rapidly. To counter known and
unknown threats, various technologies and concepts are employed as
defensive measures. One concept that is in rising popularity is
computer deception, the subject of this thesis.
The field of computer deception is characterized by fragmentation and
is lacking unified definitions and methods. This thesis has reviewed
five deception paradigms, in order to build a descriptive theory that
is used for understanding the concept of computer deception. The
border between human deception and computer deception is investigated.
The thesis concludes that computer deception for defense rarely can be
seen as a field unrelated to human deception. When attacker tools are
targeted for deception, they are only intermediary steps on the way to
a human attacker. This makes the core issues of computer deception a
matter of psychology, not technology. Computer specialists without
knowledge of psychology do not have the expertise necessary for
estimating the consequences of deceptions on human attackers.