Development and Validation of the Air Force Cyber Intruder Alert Testbed (CIAT)

  • Conference paper
  • Book: Advances in Human Factors in Cybersecurity

Abstract

Presently, cyber defense heavily relies on human network analysts who must detect and investigate potential suspicious activity, a demanding, fatiguing process that takes a heavy toll on human operators. Given the criticality of these operators to cyber defense, research is needed to investigate and mitigate the sources of those challenges. Currently, few cyber-focused synthetic task environments (STEs) exist, and those that do are not well suited to investigate the problems of network analysts. Therefore, a new cyber STE focused on network analysts called the Air Force Cyber Intruder Alert Testbed (CIAT) was developed. This STE was designed to emulate key functions of Enterprise-level cyber defense platforms. Specifically, CIAT simulates a network analyst environment, including an intrusion detection system, signature database, packet capture software, and network list. The purpose of this paper is to describe the development and validation of the CIAT STE.

Acknowledgments

This project was supported by grant no. F4FGA05076J003 from the Air Force Office of Scientific Research (Benjamin Knott, Program Officer).

Corresponding author

Correspondence to Gregory Funke.

Copyright information

© 2016 Springer International Publishing Switzerland

About this paper

Cite this paper

Funke, G. et al. (2016). Development and Validation of the Air Force Cyber Intruder Alert Testbed (CIAT). In: Nicholson, D. (eds) Advances in Human Factors in Cybersecurity. Advances in Intelligent Systems and Computing, vol 501. Springer, Cham. https://doi.org/10.1007/978-3-319-41932-9_30

  • DOI: https://doi.org/10.1007/978-3-319-41932-9_30

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-41931-2

  • Online ISBN: 978-3-319-41932-9

  • eBook Packages: Engineering, Engineering (R0)
