DESSRT:大规模经验红色团队的新框架

IF 1.5 Q2 EDUCATION & EDUCATIONAL RESEARCH

SIMULATION & GAMING Pub Date : 2022-11-03 DOI:10.1177/10468781221135199

Brandon Behlendorf, G. Ackerman

{"title":"DESSRT:大规模经验红色团队的新框架","authors":"Brandon Behlendorf, G. Ackerman","doi":"10.1177/10468781221135199","DOIUrl":null,"url":null,"abstract":"Background Red Teaming is widely used to discover vulnerabilities, test defensive measures, and anticipate emerging but novel threats. It has rarely been conducted both systematically and at scale, substantially limiting confidence in its results and the generalizability of its findings. Aim We introduce distributed, empirical, systematic, and scalable red teaming (DESSRT), a framework for translating tactical-level Red Teaming into a replicable research methodology. We apply DESSRT to address whether the information about and availability of computed tomography (CT) scanners influences adversary decision-making in aviation security. Method Using a convenience sample of 143 university students, participants role-played as adversaries in an eight-hour attack planning exercise. Via a custom instrument, participants were randomly assigned across three adversary profiles built on historical cases and then designed a simulated attack. Afterwards, one of three injects about CT scanners were randomly assigned, and participants were asked about potential changes in attack plans (including target changes). Differences among assigned profiles and CT scanner injects were evaluated using standard statistical tests of association. Results Although differences in explosive and weapon package selections were not statistically significant across profiles, security evasion methods were. Following injects, participants were equally as likely to change tactics across profiles, with the majority (53%) changing at least one tactical area. When asked, the majority (18) of those who changed targets (27/143) reported that the additional information on CT scanners did have some effect on their target change decision. Conclusion Overall, the DESSRT framework provides a novel mechanism for translating traditional Red Teaming exercises into a replicable and empirical research method. Although not a replacement for historical data, where available, DESSRT allows analysts and researchers to test theories about human decision-making, generate novel what-if insights to support planning efforts, and validate parameters within complex models.","PeriodicalId":47521,"journal":{"name":"SIMULATION & GAMING","volume":null,"pages":null},"PeriodicalIF":1.5000,"publicationDate":"2022-11-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"DESSRT: A Novel Framework for Empirical Red Teaming at Scale\",\"authors\":\"Brandon Behlendorf, G. Ackerman\",\"doi\":\"10.1177/10468781221135199\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Background Red Teaming is widely used to discover vulnerabilities, test defensive measures, and anticipate emerging but novel threats. It has rarely been conducted both systematically and at scale, substantially limiting confidence in its results and the generalizability of its findings. Aim We introduce distributed, empirical, systematic, and scalable red teaming (DESSRT), a framework for translating tactical-level Red Teaming into a replicable research methodology. We apply DESSRT to address whether the information about and availability of computed tomography (CT) scanners influences adversary decision-making in aviation security. Method Using a convenience sample of 143 university students, participants role-played as adversaries in an eight-hour attack planning exercise. Via a custom instrument, participants were randomly assigned across three adversary profiles built on historical cases and then designed a simulated attack. Afterwards, one of three injects about CT scanners were randomly assigned, and participants were asked about potential changes in attack plans (including target changes). Differences among assigned profiles and CT scanner injects were evaluated using standard statistical tests of association. Results Although differences in explosive and weapon package selections were not statistically significant across profiles, security evasion methods were. Following injects, participants were equally as likely to change tactics across profiles, with the majority (53%) changing at least one tactical area. When asked, the majority (18) of those who changed targets (27/143) reported that the additional information on CT scanners did have some effect on their target change decision. Conclusion Overall, the DESSRT framework provides a novel mechanism for translating traditional Red Teaming exercises into a replicable and empirical research method. Although not a replacement for historical data, where available, DESSRT allows analysts and researchers to test theories about human decision-making, generate novel what-if insights to support planning efforts, and validate parameters within complex models.\",\"PeriodicalId\":47521,\"journal\":{\"name\":\"SIMULATION & GAMING\",\"volume\":null,\"pages\":null},\"PeriodicalIF\":1.5000,\"publicationDate\":\"2022-11-03\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"SIMULATION & GAMING\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1177/10468781221135199\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q2\",\"JCRName\":\"EDUCATION & EDUCATIONAL RESEARCH\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"SIMULATION & GAMING","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1177/10468781221135199","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"EDUCATION & EDUCATIONAL RESEARCH","Score":null,"Total":0}

引用次数: 0

摘要

红队被广泛用于发现漏洞、测试防御措施和预测新出现的威胁。它很少有系统地和大规模地进行，大大限制了对其结果的信心及其发现的普遍性。我们介绍了分布式的、经验的、系统的和可扩展的红队(DESSRT)，这是一个将战术级红队转化为可复制的研究方法的框架。我们应用DESSRT来解决关于计算机断层扫描(CT)扫描仪的信息和可用性是否影响对手在航空安全中的决策。方法采用143名大学生作为方便样本，参与者在8小时的攻击计划练习中扮演对手。通过一个定制的工具，参与者被随机分配到三个基于历史案例的对手档案中，然后设计一个模拟攻击。之后，随机分配三次CT扫描仪注射中的一次，并询问参与者攻击计划的潜在变化(包括目标变化)。使用标准的关联统计检验评估分配剖面和CT扫描仪注射之间的差异。结果各剖面在爆炸物和武器包选择上差异无统计学意义，但安全规避方法存在差异。注射后，参与者同样有可能改变不同的策略，其中大多数(53%)至少改变了一个战术领域。当被问及改变目标时，大多数(18)人(27/143)报告说，CT扫描仪上的额外信息确实对他们改变目标的决定有一定影响。总体而言，DESSRT框架为将传统的红队训练转化为可复制的实证研究方法提供了一种新机制。尽管DESSRT不能替代历史数据，但在可用的情况下，它允许分析人员和研究人员测试有关人类决策的理论，生成支持规划工作的新颖假设见解，并验证复杂模型中的参数。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

DESSRT: A Novel Framework for Empirical Red Teaming at Scale

Background Red Teaming is widely used to discover vulnerabilities, test defensive measures, and anticipate emerging but novel threats. It has rarely been conducted both systematically and at scale, substantially limiting confidence in its results and the generalizability of its findings. Aim We introduce distributed, empirical, systematic, and scalable red teaming (DESSRT), a framework for translating tactical-level Red Teaming into a replicable research methodology. We apply DESSRT to address whether the information about and availability of computed tomography (CT) scanners influences adversary decision-making in aviation security. Method Using a convenience sample of 143 university students, participants role-played as adversaries in an eight-hour attack planning exercise. Via a custom instrument, participants were randomly assigned across three adversary profiles built on historical cases and then designed a simulated attack. Afterwards, one of three injects about CT scanners were randomly assigned, and participants were asked about potential changes in attack plans (including target changes). Differences among assigned profiles and CT scanner injects were evaluated using standard statistical tests of association. Results Although differences in explosive and weapon package selections were not statistically significant across profiles, security evasion methods were. Following injects, participants were equally as likely to change tactics across profiles, with the majority (53%) changing at least one tactical area. When asked, the majority (18) of those who changed targets (27/143) reported that the additional information on CT scanners did have some effect on their target change decision. Conclusion Overall, the DESSRT framework provides a novel mechanism for translating traditional Red Teaming exercises into a replicable and empirical research method. Although not a replacement for historical data, where available, DESSRT allows analysts and researchers to test theories about human decision-making, generate novel what-if insights to support planning efforts, and validate parameters within complex models.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

SIMULATION & GAMING EDUCATION & EDUCATIONAL RESEARCH-

CiteScore

5.30

自引率

5.00%

发文量

期刊介绍： Simulation & Gaming: An International Journal of Theory, Practice and Research contains articles examining academic and applied issues in the expanding fields of simulation, computerized simulation, gaming, modeling, play, role-play, debriefing, game design, experiential learning, and related methodologies. The broad scope and interdisciplinary nature of Simulation & Gaming are demonstrated by the wide variety of interests and disciplines of its readers, contributors, and editorial board members. Areas include: sociology, decision making, psychology, language training, cognition, learning theory, management, educational technologies, negotiation, peace and conflict studies, economics, international studies, research methodology.