The World (of CTF) is Not Enough Data: Lessons Learned from a Cyber Deception Experiment
| Autor: | Kimberly Ferguson-Walter, Dirk Van Bruggen, Robert S. Gutzwiller, Sunny Fugate, Maxine Major |
|---|---|
| Rok vydání: | 2019 |
| Předmět: |
Value (ethics)
021110 strategic defence & security studies Data collection Computer science media_common.quotation_subject Best practice 0211 other engineering and technologies Cognition 02 engineering and technology Deception Data science Cognitive test 020204 information systems Component (UML) 0202 electrical engineering electronic engineering information engineering media_common Exposition (narrative) |
| Zdroj: | CIC |
| Popis: | The human side of cyber is fundamentally important to understanding and improving cyber operations. With the exception of Capture the Flag (CTF) exercises, cyber testing and experimentation tends to ignore the human attacker. While traditional CTF events include a deeply rooted human component, they rarely aim to measure human performance, cognition, or psychology. We argue that CTF is not sufficient for measuring these aspects of the human; instead, we examine the value in performing red team behavioral and cognitive testing in a large-scale, controlled human-subject experiment. In this paper we describe the pros and cons of performing this type of experimentation and provide detailed exposition of the data collection and experimental controls used during a recent cyber deception experiment—the Tularosa Study. Finally, we will discuss lessons learned and how our experiences can inform best practices in future cyber operations studies of human behavior and cognition. |
| Databáze: | OpenAIRE |
| Externí odkaz: |
|