Date of Award

3-23-2018

Document Type

Thesis

Degree Name

Master of Science in Cyber Operations

Department

Department of Electrical and Computer Engineering

First Advisor

Brett J. Borghetti, PhD.

Abstract

As technology continues to advance the domain of cyber defense, signature and heuristic detection mechanisms continue to require human operators to make judgements about the correctness of machine decisions. Human cyber defense operators rely on their experience, expertise, and understanding of network security when conducting cyber-based investigations in order to detect and respond to cyber alerts. Ever-growing quantities of cyber alerts and network traffic, coupled with systemic manpower issues, mean no one has the time to review or change decisions made by operators. Since these cyber alert decisions ultimately do not get reviewed again, an inaccurate decision could cause grave damage to the network and host systems. The Cyber Intruder Alert Testbed (CIAT), a synthetic task environment (STE), was expanded to include investigative pattern of behavior monitoring and confidence reporting capabilities. By analyzing the behavior and confidence of participants while they conducted cyber-based investigations, this research was able to identify a mapping between investigative patterns of behavior and decision confidence. The total time spent on a decision, the time spent using different investigative tools, and the total number of tool transitions were all factors that influenced the reported confidence of participants when conducting cyber-based investigations.

AFIT Designator

AFIT-ENG-MS-18-M-013

DTIC Accession Number

AD1055980
