Abstract
Deception-based defense relies on deliberate actions to manipulate the attackers' perception of a system. It requires careful planning and the application of multiple techniques to be effective. Therefore, deceptive strategies should be studied in isolation from the traditional security mechanisms. To support this goal, we develop DML, a visual language for deception modeling, offering three complementary views of deception: a requirements model, a deception tactics feature model, and a deception strategy organizational model. DML integrates goal-oriented requirements models and threat models to compose a comprehensive model that considers the influences of developing deceptive mechanisms and the associated risks. The feasibility of DML is demonstrated via a tool prototype and a set of illustrative scenarios for a web system.