The world (of CTF) is not enough data: Lessons learned from a cyber deception experiment

Kimberly Ferguson-Walter, Maxine Major, Dirk Van Bruggen, Sunny Fugate, Robert Gutzwiller

Research output: Chapter in Book/Report/Conference proceeding - Conference contribution

Abstract

The human side of cyber is fundamentally important to understanding and improving cyber operations. With the exception of Capture the Flag (CTF) exercises, cyber testing and experimentation tends to ignore the human attacker. While traditional CTF events include a deeply rooted human component, they rarely aim to measure human performance, cognition, or psychology. We argue that CTF is not sufficient for measuring these aspects of the human; instead, we examine the value in performing red team behavioral and cognitive testing in a large-scale, controlled human-subject experiment. In this paper we describe the pros and cons of performing this type of experimentation and provide detailed exposition of the data collection and experimental controls used during a recent cyber deception experiment - the Tularosa Study. Finally, we will discuss lessons learned and how our experiences can inform best practices in future cyber operations studies of human behavior and cognition.

Original language: English (US)
Title of host publication: Proceedings - 2019 IEEE 5th International Conference on Collaboration and Internet Computing, CIC 2019
Publisher: Institute of Electrical and Electronics Engineers Inc.
Pages: 346-353
Number of pages: 8
ISBN (Electronic): 9781728167398
State: Published - Dec 2019
Event: 5th IEEE International Conference on Collaboration and Internet Computing, CIC 2019 - Los Angeles, United States
Duration: Dec 12 2019 - Dec 14 2019

Publication series

Name: Proceedings - 2019 IEEE 5th International Conference on Collaboration and Internet Computing, CIC 2019

Conference

Conference: 5th IEEE International Conference on Collaboration and Internet Computing, CIC 2019
Country: United States
City: Los Angeles
Period: 12/12/19 - 12/14/19

Keywords

  • Computer security
  • Computer networks
  • Computer hacking
  • Cyber defense
  • Research and development
  • Humans
  • Testing
  • Deception

ASJC Scopus subject areas

  • Computer Science Applications
  • Management Information Systems
  • Computer Networks and Communications
  • Safety, Risk, Reliability and Quality
  • Information Systems and Management
  • Management Science and Operations Research
