HackIT: A Human-in-the-Loop Simulation Tool for Realistic Cyber Deception Experiments

Deception, an art of making someone believe in something that is not true, may provide a promising real-time solution against cyber-attacks. In this paper, we propose a human-in-the-loop real-world simulation tool called HackIT, which could be configured to create different cyber-security scenarios involving deception. We discuss how researchers can use HackIT to create networks of different sizes; use deception and configure different webservers as honeypots; and, create any number of fictitious ports, services, fake operating systems, and fake files on honeypots. Next, we report a case-study involving HackIT where adversaries were tasked with stealing information from a simulated network over multiple rounds. In one condition in HackIT, deception occurred early; and, in the other condition, it occurred late. Results revealed that participants used different attack strategies across the two conditions. We discuss the potential of using HackIT in helping cyber-security teams understand adversarial cognition in the laboratory.