Does subnetting and port hardening influence human adversarial decisions? An investigation via a HackIT tool
Shashank Uttrani
Palvi Aggarwal
Varun Dutt- 1Applied Cognitive Science Laboratory (ACS Lab), Indian Institute of Technology Mandi, India
- 2Department of Computer Science, College of Engineering, University of Texas at El Paso, United States
Prior research in cyber deception has investigated the effectiveness of the timing of deception on human decisions using simulation tools. However, there exists a gap in the literature on how the availability of subnets and port-hardening influence human decisions to attack a system. We tested the influence of subnets and port-hardening on human attack decisions in a simulated environment using the HackIT tool. Availability of subnets (present/absent) within a network and port-hardening (easy-to-attack/hard-to-attack) were varied across four between-subject conditions (N = 30 in each condition): with-subnet with easy-to-attack, with-subnet with hard-to-attack, without-subnet with easy-to-attack, and without-subnet with hard-to-attack. In with-subnet conditions, 40 systems were connected in a hybrid topology network with ten subnets connected linearly, and each subnet contained four connected systems. In without-subnet conditions, all 40 systems were connected in a bus topology. In hard-to-attack (easy-to-attack) conditions, the probabilities of successfully attacking real systems and honeypots were kept low (high) and high (low), respectively. In an experiment, human participants were randomly assigned to one of the four conditions to attack as many real systems as possible and steal credit card information. Results revealed that subnets within a network and hardening the ports of systems in a network significantly influence human decisions to attack a real system and reduce attacks on real systems. Also, a higher proportion of honeypots were attacked in with-subnet conditions than without-subnet conditions. Moreover, a significantly lower proportion of real systems were attacked in the port-hardened condition. This research highlights the implications of subnetting and port-hardening with honeypots to reduce real system attacks. These findings are relevant in developing advanced intrusion detection systems trained on hackers’ behavior.
Keywords: cybersecurity, deception, Hacking, HackIT tool, Honeypot, Port hardening, Subnetting
Received: 16 Aug 2022;
Accepted: 30 May 2023.
Copyright: © 2023 Uttrani, Aggarwal and Dutt. This is an open-access article distributed under the terms of the Creative Commons Attribution License (CC BY). The use, distribution or reproduction in other forums is permitted, provided the original author(s) or licensor are credited and that the original publication in this journal is cited, in accordance with accepted academic practice. No use, distribution or reproduction is permitted which does not comply with these terms.
* Correspondence: Mr. Shashank Uttrani, Applied Cognitive Science Laboratory (ACS Lab), Indian Institute of Technology Mandi, Kamand, India