Addressing Emerging Information Security Personnel Needs. A Look at Competitions in Academia: Do Cyber Defense Competitions Work?
This paper is part of a proposed study of the emerging information security personnel needs of organizations. We attempt to explore the correlation between components of a regional cyber defense competition and an organization's needs in terms of employing adequately trained information security personnel. We seek to identify some unique characteristics of a regional academic cyber defense competition via the critical success factors method.
Exploring utilization of visualization for computer and network security
The role of the network security administrator is continually changing to keep pace with the ever-changing field of computer and network security. These changes are due in part to the continual development of new exploits by attackers and to improvements in the network security products available. One area that has attracted much research in the past decade is the use of visualization to ease the strain on network security administrators. Visualization mechanisms exploit the parallel processing power of the human visual system to help identify possibly malicious network activity. This research details the development and use of a visualization system for network security. The manuscript is composed of four papers that form a progression of research on the system. The first paper draws on research in information visualization to develop a new framework for designing visualization systems for network security. In the second paper, a visualization system is developed that has been used during multiple cyber defense competitions to aid competition performance. The last two papers evaluate the developed system. First, an exploratory analysis provides an initial assessment based on participant interviews during one cyber defense competition. Second, a quasi field experiment explores subjects' intention to use the system depending on the type of visualization being viewed.
AiCEF: An AI-assisted Cyber Exercise Content Generation Framework Using Named Entity Recognition
Content generation that is both relevant and up to date with the current threats facing the target audience is a critical element in the success of any Cyber Security Exercise (CSE). Through this work, we explore the results of applying machine learning techniques to unstructured information sources to generate structured CSE content. The corpus of our work is a large dataset of publicly available cyber security articles, which we use to predict future threats and to form the skeleton of new exercise scenarios. Machine learning techniques such as named entity recognition (NER) and topic extraction are used to structure the information according to a novel ontology we developed, named Cyber Exercise Scenario Ontology (CESO). Moreover, we use clustering with outliers to classify the extracted data into objects of our ontology. Graph comparison methods are used to match generated scenario fragments to known threat actors' tactics and to enrich the proposed scenario accordingly with the help of synthetic text generators. CESO has also been chosen as the primary way to express both fragments and the final proposed scenario content in our AI-assisted Cyber Exercise Framework (AiCEF). Our methodology was put to the test by providing a set of generated scenarios to a group of experts for evaluation as part of a real-world awareness tabletop exercise.
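The pipeline the abstract describes (entity extraction into ontology slots, outlier handling, and matching fragments against known actor profiles) can be sketched in a few dozen lines. The block below is an added illustration and is not AiCEF's code: it replaces the trained NER model with hypothetical gazetteers, replaces graph comparison with tactic-set overlap (Jaccard), and uses assumed ontology slot names and constructed actor, tool and article text that refer to nothing real.

```python
import re
from dataclasses import dataclass, field

# Hypothetical gazetteers standing in for a trained NER model. All names are
# constructed for this example and do not refer to real groups or tools.
ACTORS = {"Group Alpha", "Group Beta"}
TOOLS = {"phishing kit", "credential dumper", "remote access trojan"}
# Surface phrase -> tactic label (assumed ontology slot values).
TACTIC_PHRASES = {
    "spear-phishing": "Initial Access",
    "credential dumping": "Credential Access",
    "lateral movement": "Lateral Movement",
    "data exfiltration": "Exfiltration",
    "ransomware": "Impact",
}
SECTORS = {"healthcare", "energy", "finance"}

# Assumed tactic profiles of "known" actors, used to enrich a fragment.
KNOWN_PROFILES = {
    "Group Alpha": {"Initial Access", "Credential Access",
                    "Lateral Movement", "Exfiltration"},
    "Group Beta": {"Initial Access", "Impact"},
}


@dataclass
class ScenarioFragment:
    """Structured object in the style of an exercise-scenario ontology."""
    actors: set = field(default_factory=set)
    tools: set = field(default_factory=set)
    tactics: set = field(default_factory=set)
    sectors: set = field(default_factory=set)


def _present(term: str, text: str) -> bool:
    """Whole-phrase, case-insensitive match of a gazetteer term."""
    return re.search(r"\b" + re.escape(term) + r"\b", text, re.IGNORECASE) is not None


def extract_fragment(text: str) -> ScenarioFragment:
    """Rule-based entity recognition: gazetteer lookups fill ontology slots."""
    frag = ScenarioFragment()
    frag.actors = {a for a in ACTORS if _present(a, text)}
    frag.tools = {t for t in TOOLS if _present(t, text)}
    frag.tactics = {label for phrase, label in TACTIC_PHRASES.items()
                    if _present(phrase, text)}
    frag.sectors = {s for s in SECTORS if _present(s, text)}
    return frag


def is_outlier(frag: ScenarioFragment) -> bool:
    """A fragment with no recognised tactic carries no scenario content; route
    it to manual review instead of into a scenario."""
    return not frag.tactics


def jaccard(a: set, b: set) -> float:
    union = a | b
    return len(a & b) / len(union) if union else 0.0


def match_profile(frag: ScenarioFragment):
    """Compare the fragment's tactic set with each known profile (set overlap
    stands in for graph comparison). Returns (best_actor, score, missing),
    where `missing` are profile tactics the fragment lacks, i.e. candidates
    for enriching the generated scenario."""
    best, best_score = None, -1.0
    for actor, profile in KNOWN_PROFILES.items():
        score = jaccard(frag.tactics, profile)
        if score > best_score:
            best, best_score = actor, score
    if best is None:
        return None, 0.0, set()
    return best, best_score, KNOWN_PROFILES[best] - frag.tactics


# Constructed sample article text (not a real report).
SAMPLE_ARTICLE = (
    "Group Alpha targeted a healthcare provider with spear-phishing emails "
    "that delivered a credential dumper; responders later observed credential "
    "dumping on several hosts."
)

if __name__ == "__main__":
    fragment = extract_fragment(SAMPLE_ARTICLE)
    print(fragment)
    if not is_outlier(fragment):
        print(match_profile(fragment))
```

On the constructed article the fragment gets two tactics, matches the "Group Alpha" profile with a Jaccard score of 0.5, and the two profile tactics it lacks are returned as the enrichment candidates; an article with no recognised tactic is flagged as an outlier before any matching is attempted.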
A review of cyber-ranges and test-beds: current and future trends
Cyber situational awareness has been proven to be of value in forming a comprehensive understanding of threats and vulnerabilities within organisations, as the degree of exposure is governed by the prevailing levels of cyber-hygiene and established processes. A more accurate assessment of the security provision identifies the most vulnerable environments, which necessitate more diligent management. The rapid proliferation of automated cyber-attacks is reducing the gap between information and operational technologies, and the need to review current levels of robustness against new sophisticated cyber-attacks, trends, technologies and mitigating countermeasures has become pressing. A deeper characterisation is also the basis on which to predict future vulnerabilities, in turn guiding the most appropriate deployment technologies and refreshing established practices and the scope of the training that supports the decision making of users and operators. The foundation of the training provision is the use of Cyber-Ranges (CRs) and Test-Beds (TBs), platforms and tools that help inculcate a deeper understanding of how an attack evolves and of the methodology for deploying the most impactful countermeasures to arrest breaches. In this paper, documented CR and TB platforms are evaluated. CRs and TBs are segmented by type, technology, threat scenarios, applications and the scope of attainable training. To enrich the analysis of documented CR and TB research and cap the study, a taxonomy is developed to provide a broader comprehension of the future of CRs and TBs. The taxonomy elaborates on the dimensions of CRs and TBs and highlights a diminishing differentiation between application areas.