Learning about simulated adversaries from human defenders using interactive cyber-defense games

Impact factor 2.9, Q1, Social Sciences, Interdisciplinary
Baptiste Prebot, Yinuo Du, Cleotilde Gonzalez
DOI: 10.1093/cybsec/tyad022 (https://doi.org/10.1093/cybsec/tyad022)
Journal: Journal of Cybersecurity
Publication date: 2023-01-01
Publication type: Journal Article
Citations: 0

Abstract

Given the increase in cybercrime, cybersecurity analysts (i.e. defenders) are in high demand. Defenders must monitor an organization’s network to evaluate threats and potential breaches into the network. Adversary simulation is commonly used to test defenders’ performance against known threats to organizations. However, it is unclear how effective this training process is in preparing defenders for this highly demanding job. In this paper, we demonstrate how to use adversarial algorithms to investigate defenders’ learning using interactive cyber-defense games. We created an Interactive Defense Game (IDG) that represents a cyber-defense scenario, which requires monitoring of incoming network alerts and allows a defender to analyze, remove, and restore services based on the events observed in a network. The participants in our study faced one of two types of simulated adversaries. A Beeline adversary is a fast, targeted, and informed attacker; a Meander adversary is a slow attacker that wanders the network until it finds the right target to exploit. Our results suggest that although human defenders initially have more difficulty stopping the Beeline adversary, they were able to learn to stop this adversary by taking advantage of its attack strategy. Participants who played against the Beeline adversary learned to anticipate the adversary’s actions and took more proactive actions, while decreasing their reactive actions. These findings have implications for understanding how to help cybersecurity analysts speed up their training.
Source journal: Journal of Cybersecurity (Social Sciences, Interdisciplinary)
CiteScore: 6.20
Self-citation rate: 2.60%
Articles published: 0
Review time: 18 weeks
Journal description: Journal of Cybersecurity provides a hub around which the interdisciplinary cybersecurity community can form. The journal is committed to providing quality empirical research, as well as scholarship, that is grounded in real-world implications and solutions. Journal of Cybersecurity solicits articles adhering to the following, broadly constructed and interpreted, aspects of cybersecurity: anthropological and cultural studies; computer science and security; security and crime science; cryptography and associated topics; security economics; human factors and psychology; legal aspects of information security; political and policy perspectives; strategy and international relations; and privacy.