TY - GEN
T1 - A Human-Centric Cyber Security Training Tool for Prioritizing MSNAs
AU - Depassier, Vincent
AU - Torres, Romina
N1 - Publisher Copyright:
© 2023 IEEE.
PY - 2023
Y1 - 2023
N2 - Analysts in cyber security are responsible for monitoring and responding to security incidents in computer systems. They constantly need to acquire sophisticated skills to detect and mitigate sophisticated attacks such as multi-stage and multi-step network attacks (MSNA) that can last hours, days and even months. Unfortunately, there is a lack of MSNA datasets with which cyber security analysts can train themselves on this matter. Moreover, their inherent complexity makes it very difficult for cyber security analysts to detect them just by reading logs. This work presents a human-centric approach to create simulations for training cyber security analysts in detecting and prioritizing concurrent MSNAs. Thus, we hypothesize that using this approach, cyber security analysts will do these tasks better and/or faster than using the outputs of intrusion detection systems. To do this, we have designed and implemented NetWars to simulate concurrent MSNAs for training cybersecurity analysts. The MSNAs were obtained from the CTF22 of the DEFCON, where highly skilled teams attack and defend themselves over three days. Results are encouraging. During the training, cyber security analysts receive multiple concurrent MSNAs from 19 different attackers, where the trainee must decide which attack to prioritize for mitigation given that she has limited resources. The tool's adoption also yielded a remarkable 95% success rate in generating accurate answers. The usability of the NetWars prototype was highlighted by the users.
AB - Analysts in cyber security are responsible for monitoring and responding to security incidents in computer systems. They constantly need to acquire sophisticated skills to detect and mitigate sophisticated attacks such as multi-stage and multi-step network attacks (MSNA) that can last hours, days and even months. Unfortunately, there is a lack of MSNA datasets with which cyber security analysts can train themselves on this matter. Moreover, their inherent complexity makes it very difficult for cyber security analysts to detect them just by reading logs. This work presents a human-centric approach to create simulations for training cyber security analysts in detecting and prioritizing concurrent MSNAs. Thus, we hypothesize that using this approach, cyber security analysts will do these tasks better and/or faster than using the outputs of intrusion detection systems. To do this, we have designed and implemented NetWars to simulate concurrent MSNAs for training cybersecurity analysts. The MSNAs were obtained from the CTF22 of the DEFCON, where highly skilled teams attack and defend themselves over three days. Results are encouraging. During the training, cyber security analysts receive multiple concurrent MSNAs from 19 different attackers, where the trainee must decide which attack to prioritize for mitigation given that she has limited resources. The tool's adoption also yielded a remarkable 95% success rate in generating accurate answers. The usability of the NetWars prototype was highlighted by the users.
KW - MSNA
KW - gamification
KW - human-centric cyber security
KW - serious game
KW - simulation
UR - http://www.scopus.com/inward/record.url?scp=85178505823&partnerID=8YFLogxK
U2 - 10.1109/ASEW60602.2023.00012
DO - 10.1109/ASEW60602.2023.00012
M3 - Conference contribution
AN - SCOPUS:85178505823
T3 - Proceedings - 2023 38th IEEE/ACM International Conference on Automated Software Engineering Workshops, ASEW 2023
SP - 54
EP - 61
BT - Proceedings - 2023 38th IEEE/ACM International Conference on Automated Software Engineering Workshops, ASEW 2023
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 38th IEEE/ACM International Conference on Automated Software Engineering Workshops, ASEW 2023
Y2 - 11 September 2023 through 15 September 2023
ER -