Effective Cyber Situation Awareness (CSA) Assessment and Training


OBJECTIVE: To develop a novel human-in-the-loop simulation and assessment system that integrates various network models, attack graph visualization, low-level vulnerability information, and decision support functions for cyber situation awareness research, for assessing and enhancing team cyber situation awareness, and for assisting cyber analyst training.

DESCRIPTION: The recent increase in cyber attacks against United States critical assets has greatly expanded efforts to develop effective cyber defenses. A critical requirement for cyber situational awareness is to understand the overall context of network vulnerabilities, how they are interrelated, and how attackers may exploit them to penetrate deeper into the network. Human cyber analysts are an essential element in these efforts. Information overload and a concomitant lack of comprehensive cyber situation awareness are common problems that hamper the effectiveness of analysis. Technologies based on attack graph technology and operational concepts such as team structure help create a common operating picture and lay a foundation for human analysts to establish cyber situation awareness. Systems that can carry out human-in-the-loop simulation and cyber exercises will lead to new capabilities in assessing the effectiveness of analysts and the tools they use, help enhance individual and team performance, and provide assistance in training new analysts. The system developed under this topic will create a new capability in assessing team effectiveness and in training new analysts.

PHASE I: 1) Research and develop a novel simulation and analysis model, based on a cognitive task analysis of the cyber domain, that directly integrates network models, attack graph visualization, low-level vulnerability information, and decision support functions; 2) Extend existing team cognition metrics for cognitive system performance to assess tool effectiveness and cyber situation awareness; 3) Evaluate the psychological validity of the tool by conducting human-in-the-loop testing.

PHASE II: 1) Develop a working cyber situation awareness simulation and assessment system, and establish the capability of recreating/replaying attack scenarios for analyst training and situation awareness effectiveness assessment; 2) Carry out benchmarking experiments with human participants and with real and synthetic traffic generators and information feeds representative of actual scenarios; 3) Validate system effectiveness under real operational testing with human analysts; 4) Demonstrate the effectiveness of analyst training using the system.

PHASE III -- DUAL-USE COMMERCIALIZATION: Effective cyber attack mitigation is a critical capability for both the military and commercial sectors. The developed technology will be usable on both government networks and commercial networks for testing technology with humans in the loop, for analyzing analysts' effectiveness, and for training new analysts. The developed system should be marketed as a product that can easily be deployed alongside existing systems.
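The interrelated-vulnerability reasoning the description refers to, as an added illustration that is not part of the solicitation or any project under it: a toy attack-graph model (constructed hosts, reachability relation and vulnerability identifiers, all hypothetical) chains network reachability with per-host vulnerabilities to find exploit paths from a foothold, then ranks single patches by how many critical hosts they cut off, which is the kind of decision-support function the topic asks for.

```python
from collections import deque

# Constructed sample network model (not real data): host -> hosts it can open connections to.
REACH = {
    "internet": {"web"},
    "web": {"app", "db"},
    "app": {"db", "admin"},
    "db": set(),
    "admin": {"web", "app", "db"},
}
# Constructed low-level vulnerability information: host -> vulnerabilities that, when
# exploited from a host the attacker already controls, yield control of this host.
VULNS = {
    "web": {"VULN-WEB-1"},
    "app": {"VULN-APP-1"},
    "db": {"VULN-DB-1"},
    "admin": {"VULN-ADM-1"},
}

def attack_graph(reach, vulns, foothold):
    """Return {host: [(from_host, vuln), ...]} for every host an attacker starting at
    `foothold` can take over by chaining reachability with a local vulnerability.
    Breadth-first search, so each chain is a shortest one (ties broken by sorted order)."""
    paths = {foothold: []}
    queue = deque([foothold])
    while queue:
        src = queue.popleft()
        for dst in sorted(reach.get(src, ())):
            if dst in paths or not vulns.get(dst):
                continue  # already controlled, or nothing exploitable on dst
            vuln = sorted(vulns[dst])[0]
            paths[dst] = paths[src] + [(src, vuln)]
            queue.append(dst)
    return paths

def patch_ranking(reach, vulns, foothold, crown_jewels):
    """Decision support: for each single vulnerability, count how many crown-jewel
    hosts become unreachable if only it is patched. Returns (count, vuln), best first."""
    baseline = {h for h in attack_graph(reach, vulns, foothold) if h in crown_jewels}
    ranking = []
    for ids in vulns.values():
        for vid in ids:
            patched = {h: (v - {vid}) for h, v in vulns.items()}
            after = {h for h in attack_graph(reach, patched, foothold) if h in crown_jewels}
            ranking.append((len(baseline - after), vid))
    return sorted(ranking, key=lambda r: (-r[0], r[1]))
```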
