A Human-Centric Cyber Security Training Tool for Prioritizing MSNAs

Vincent Depassier, Romina Torres

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

Analysts in cyber security are responsible for monitoring and responding to security incidents in computer systems. They constantly need to acquire sophisticated skills to detect and mitigate sophisticated attacks such as multi-stage and multi-step network attacks (MSNAs), which can last hours, days and even months. Unfortunately, there is a lack of MSNA datasets with which cyber security analysts can train themselves on this matter. Moreover, the inherent complexity of MSNAs makes it very difficult for cyber security analysts to detect them just by reading logs. This work presents a human-centric approach to creating simulations for training cyber security analysts in detecting and prioritizing concurrent MSNAs. We hypothesize that, using this approach, cyber security analysts will perform these tasks better and/or faster than when using the outputs of intrusion detection systems. To test this, we have designed and implemented NetWars to simulate concurrent MSNAs for training cyber security analysts. The MSNAs were obtained from the DEFCON CTF22, where highly skilled teams attack and defend themselves over three days. Results are encouraging. During the training, cyber security analysts receive multiple concurrent MSNAs from 19 different attackers, and the trainee must decide which attack to prioritize for mitigation given that she has limited resources. The tool's adoption also yielded a remarkable 95% success rate in generating accurate answers. The usability of the NetWars prototype was highlighted by the users.

Original language: English
Title of host publication: Proceedings - 2023 38th IEEE/ACM International Conference on Automated Software Engineering Workshops, ASEW 2023
Publisher: Institute of Electrical and Electronics Engineers Inc.
Pages: 54-61
Number of pages: 8
ISBN (Electronic): 9798350330328
State: Published - 2023
Externally published: Yes
Event: 38th IEEE/ACM International Conference on Automated Software Engineering Workshops, ASEW 2023 - Echternach, Luxembourg
Duration: 11 Sep 2023 - 15 Sep 2023

Publication series

Name: Proceedings - 2023 38th IEEE/ACM International Conference on Automated Software Engineering Workshops, ASEW 2023

Conference

Conference: 38th IEEE/ACM International Conference on Automated Software Engineering Workshops, ASEW 2023
Country/Territory: Luxembourg
City: Echternach
Period: 11/09/23 - 15/09/23

Keywords

  • MSNA
  • gamification
  • human-centric cyber security
  • serious game
  • simulation
