Abstract
Presently, cyber defense relies heavily on human network analysts who must detect and investigate potentially suspicious activity, a demanding, fatiguing process that takes a heavy toll on human operators. Given the criticality of these operators to cyber defense, research is needed to investigate and mitigate the sources of those challenges. Currently, few cyber-focused synthetic task environments (STEs) exist, and those that do are not well suited to investigating the problems of network analysts. Therefore, a new cyber STE focused on network analysts, called the Air Force Cyber Intruder Alert Testbed (CIAT), was developed. This STE was designed to emulate key functions of enterprise-level cyber defense platforms. Specifically, CIAT simulates a network analyst environment, including an intrusion detection system, signature database, packet capture software, and network list. The purpose of this paper is to describe the development and validation of the CIAT STE.
Acknowledgments
This project was supported by grant no. F4FGA05076J003 from the Air Force Office of Scientific Research (Benjamin Knott, Program Officer).
© 2016 Springer International Publishing Switzerland
About this paper
Cite this paper
Funke, G. et al. (2016). Development and Validation of the Air Force Cyber Intruder Alert Testbed (CIAT). In: Nicholson, D. (eds) Advances in Human Factors in Cybersecurity. Advances in Intelligent Systems and Computing, vol 501. Springer, Cham. https://doi.org/10.1007/978-3-319-41932-9_30
DOI: https://doi.org/10.1007/978-3-319-41932-9_30
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-41931-2
Online ISBN: 978-3-319-41932-9
eBook Packages: Engineering, Engineering (R0)