Deception for Cyber Defense Research

The Intelligence Advanced Research Projects Activity (IARPA) is seeking information on research efforts in the area of deception for cyber defense. This request for information (RFI) is issued solely for information gathering and planning purposes; this RFI does not constitute a formal solicitation for proposals. The following sections of this announcement contain details of the scope of technical efforts of interest, along with instructions for the submission of responses.

Background & Scope

Historically, denial and deception (D&D) has been used by militaries for defense, whether it be to instill uncertainty, or to provide misinformation. D&D can also be looked at similarly for increasing cyber defense posture and resiliency. Adapting D&D to support the engagement of cyber adversaries is a concept that has been gaining momentum, although, the current state of research and practice is still immature: many techniques lack rigorous experimental measures of effectiveness, information is insufficient to determine how defensive deception changes attacker behavior or how deception increases the likeliness of early detection of a cyber attack. For present purposes, “deception” is the deliberate action taken by a cyber defender to mislead and gain an advantage over a cyber adversary through a variety of tactics such as manipulation, distortion, or falsification of evidence.
The purpose of this RFI is to identify existing capabilities and emerging methods related to deception for cyber defense and approaches for assessing the performance of these methods.

Responses to this RFI should answer any or all of the following questions:
  1. Existing Deception Methods
    1. What are the existing methods for deception to support cyber defense? Provide specific examples (capability names and references) that implement these methods. What are the limitations of these methods? Are these methods fully automated or do they require human operation?
    2. What is/are the main goal(s) of deception activities for the capabilities provided in 1.a (e.g.,threat intelligence/observation, deterrence, delay, confuse, misinform, redirect, denial, detection, frustration, etc.)? Please describe all that apply.
    3. What types of deception does the research/capability identified in 1.a investigate and employ (e.g., denial through blocking/blacklisting/firewalling, detection, decoys, honey pot/traps/nets, honey tokens/fakes/misrepresentations/forgeries, etc.)? Please describe all that apply.
    4. Where in the cyber kill chain does the research or capabilities identified in 1.a focus and where does it have the greatest impact (reconnaissance, weaponize, deliver, exploit, install, command, act, etc.)? Please describe all that apply.
    5. What are the primary target(s) of interest of relevant research/capabilities (e.g., network, data, user spaces, kernel, mobile/wireless, etc.)? Please describe all that apply.
    6. What methods or research exists for influencing cyber attackers? Do any of them leverage game theory or related concepts?
  2. Test and Evaluation of Methods
    1. What metrics and evaluation methods do you employ in your research or for your deception capability?
    2. How accurate are these methods? What approaches have been used to validate or assess the accuracy and/or usefulness of these methods? What are their strengths and limitations?
    3. What environments were used to evaluate these methods?
    4. More generally, how can these approaches be evaluated, given practical limits to study duration and cost?
    5. Were human science researchers used for evaluation? What specific approaches leveraged human subjects for research and evaluation?
  3. Emerging Methods
    1. What novel methods could be developed/expanded or adapted to improve or replace existing methods for deception to support cyber defense?
    2. What recent or underappreciated publications and technical developments are of critical relevance to the development, improvement, or evaluation of deception for cyber defense?
  4. Organizational/Services Information
    1. How long has your organization been engaged in deception research or capability development?
    2. Is your technology integrated with adjacent deception technology solutions? If yes, please specify the type of adjacent deception capability.
    3. Please provide references to research publications and/or cases which demonstrate the utility and application of your research/capability.
    4. Do you provide courses or customer education products related to deception management?

The responses to this RFI may be used to support a one-day workshop on deception for cyber defense. An expected result for such a workshop is the identification of promising areas for research investment.

Preparation Instructions to Respondants

IARPA requests that respondents submit ideas related to this topic for use by the Government in formulating a potential program. IARPA requests that submittals answer questions concisely, briefly and clearly describe the potential approach or concept, outline critical technical issues/obstacles, describe how the approach may address those issues/obstacles and comment on the expected performance and robustness of the proposed approach. If appropriate, respondents may also choose to provide a non-proprietary rough order of magnitude (ROM) estimate regarding what such approaches might require in terms of funding and other resources for one or more years. This announcement contains all of the information required to submit a response. No additional forms, kits, or other materials are needed.

IARPA appreciates responses from all capable and qualified sources from within and outside of the US. Because IARPA is interested in an integrated approach, responses from teams with complementary areas of expertise are encouraged.

Responses have the following formatting requirements:
  1. A one page cover sheet that identifies the title, organization(s), respondent's technical and administrative points of contact - including names, addresses, phone and fax numbers, and email addresses of all co-authors, and clearly indicating its association with RFI-16-07;
  2. A substantive, focused, one-half page executive summary;
  3. A description (limited to 5 pages in minimum 12 point Times New Roman font, appropriate for singlesided,single-spaced 8.5 by 11 inch paper, with 1-inch margins) of the technical challenges, answers to RFI questions, and suggested approach(es);
  4. A list of citations (any significant claims or reports of success must be accompanied by citations);
  5. Optionally, a single overview briefing chart graphically depicting the key ideas.

Submission Instructions to Respondants

Responses to this RFI are due no later than 4:00 p.m., Eastern Time, on July 01, 2016. All submissions must be electronically submitted to as a PDF document. Inquiries to this RFI must be submitted to Do not send questions with proprietary content. No telephone inquiries will be accepted.

Disclaimers and Important Notes

This is an RFI issued solely for information and planning purposes and does not constitute a solicitation. Respondents are advised that IARPA is under no obligation to acknowledge receipt of the information received, or provide feedback to respondents with respect to any information submitted under this RFI.
Responses to this notice are not offers and cannot be accepted by the Government to form a binding contract. Respondents are solely responsible for all expenses associated with responding to this RFI. IARPA will not provide reimbursement for costs incurred in responding to this RFI. It is the respondent's responsibility to ensure that the submitted material has been approved for public release by the information owner. The Government does not intend to award a contract on the basis of this RFI or to otherwise pay for the information solicited, nor is the Government obligated to issue a solicitation based on responses received. Neither proprietary nor classified concepts or information should be included in the submittal. Input on technical aspects of the responses may be solicited by IARPA from non-Government consultants/experts who are bound by appropriate non-disclosure requirements.

Contracting Office Address:

Office of the Director of National Intelligence
Intelligence Advanced Research Projects Activity
Washington, District of Columbia 20511
United States

Primary Point of Contact:

Robert Rahmer
Intelligence Advanced Research Projects Activity


Posted Date: June 6, 2016
Responses Due: July 1, 2016