Cyberdefense Adaptive Training Based on the Classification of Operator Cognitive State

Human Factors in Cybersecurity Pub Date : 1900-01-01 DOI:10.54941/ahfe1002202

Yvan Burguin, D. Espès, Philippe Rauffet, C. Chauvin, Philippe Le Parc

{"title":"Cyberdefense Adaptive Training Based on the Classification of Operator Cognitive State","authors":"Yvan Burguin, D. Espès, Philippe Rauffet, C. Chauvin, Philippe Le Parc","doi":"10.54941/ahfe1002202","DOIUrl":null,"url":null,"abstract":"To face the increasing number and the variety of cyberattacks, training and adaptation of cyberdefense operators become critical and should be managed all along their careers. Thus, it is necessary to develop adaptive training methods that are able to quickly detect operators' weaknesses and to propose a strategy to reinforce their skills on these points. This paper presents the choice of a cognitive model in order to guide the development of an adaptive training software. In this regard, the paper proposes a review of several elements that contributed to the development of the model.Cyberattacks are continuously increasing in variety and number, and therefore require a constant adaptation from the operator who must react to each attack with rapidity and efficiency. To face these changes, cyber operators must be trained regularly.This training aims to: 1) maintain knowledge of cyber operators up to date, 2) train cyber operators to use new tools and 3) allow cyber operators to appropriately react to new attacks.In this regard, adaptive training softwares support the training of cyberdefense operators in order to improve their performance in real conditions. To propose an adaptive training software, there are several requirements to satisfy such as an ecological environment, a system to adapt the training scenario autonomously and a way to assess the difficulties experienced by the trainee. To support this dynamic and customised adaptation of the training scenario, it is important to detect or predict when errors may occur. For this purpose, behavioural and physiological data can be used to assess the variations in performance and mental workload that can lead to an error. This paper deals with the choice of a cognitive model that could support the design of a software for adaptive training in the cyberdefense field. Such a model would allow us to understand the different cognitive processes used by the operator to perform tasks, and to identify the factors that could contribute to performance decrement. This model can then orient the selection of appropriate physiological and behavioural indicators to measure what parts of the task cause difficulty to the operator.","PeriodicalId":373044,"journal":{"name":"Human Factors in Cybersecurity","volume":"71 2","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"1900-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Human Factors in Cybersecurity","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.54941/ahfe1002202","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

Abstract

To face the increasing number and the variety of cyberattacks, training and adaptation of cyberdefense operators become critical and should be managed all along their careers. Thus, it is necessary to develop adaptive training methods that are able to quickly detect operators' weaknesses and to propose a strategy to reinforce their skills on these points. This paper presents the choice of a cognitive model in order to guide the development of an adaptive training software. In this regard, the paper proposes a review of several elements that contributed to the development of the model.Cyberattacks are continuously increasing in variety and number, and therefore require a constant adaptation from the operator who must react to each attack with rapidity and efficiency. To face these changes, cyber operators must be trained regularly.This training aims to: 1) maintain knowledge of cyber operators up to date, 2) train cyber operators to use new tools and 3) allow cyber operators to appropriately react to new attacks.In this regard, adaptive training softwares support the training of cyberdefense operators in order to improve their performance in real conditions. To propose an adaptive training software, there are several requirements to satisfy such as an ecological environment, a system to adapt the training scenario autonomously and a way to assess the difficulties experienced by the trainee. To support this dynamic and customised adaptation of the training scenario, it is important to detect or predict when errors may occur. For this purpose, behavioural and physiological data can be used to assess the variations in performance and mental workload that can lead to an error. This paper deals with the choice of a cognitive model that could support the design of a software for adaptive training in the cyberdefense field. Such a model would allow us to understand the different cognitive processes used by the operator to perform tasks, and to identify the factors that could contribute to performance decrement. This model can then orient the selection of appropriate physiological and behavioural indicators to measure what parts of the task cause difficulty to the operator.

查看原文本刊更多论文

基于操作者认知状态分类的网络防御自适应训练

面对日益增多、种类繁多的网络攻击，网络防御操作人员的培训和适应变得至关重要，应贯穿其整个职业生涯。因此，有必要开发适应性训练方法，能够快速发现操作员的弱点，并提出策略来加强他们在这些方面的技能。本文提出了认知模型的选择，以指导自适应训练软件的开发。在这方面，本文建议对促进该模型发展的几个要素进行审查。网络攻击的种类和数量都在不断增加，因此需要运营商不断适应，他们必须快速有效地应对每次攻击。为了应对这些变化，网络运营者必须定期接受培训。该培训旨在:1)保持网络操作员的最新知识，2)培训网络操作员使用新工具，3)允许网络操作员对新的攻击做出适当的反应。在这方面，自适应培训软件支持网络防御操作员的培训，以提高他们在真实条件下的表现。要提出一种适应性培训软件，需要满足以下几个要求:生态环境、自主适应培训场景的系统以及评估受训者所经历的困难的方法。为了支持这种动态和定制的训练场景适应，重要的是要检测或预测何时可能发生错误。为此目的，行为和生理数据可用于评估可能导致错误的表现和精神负荷的变化。本文讨论了一种认知模型的选择，该模型可以支持网络防御领域自适应训练软件的设计。这样的模型将使我们能够理解操作员在执行任务时使用的不同认知过程，并确定可能导致性能下降的因素。然后，该模型可以确定选择适当的生理和行为指标的方向，以衡量任务的哪些部分对操作者造成了困难。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Human Factors in Cybersecurity

自引率

0.00%

发文量