Mobile Network Defense Interface for Cyber Defense and Situational Awareness

Abstract

Today's computer networks are under constant attack. To deal with this constant threat, network administrators rely on intrusion detection systems (IDS) and intrusion prevention systems (IPS). Most IDS and IPS implement static rule sets to automatically alert administrators and resolve intrusions. Network administrators face a difficult challenge: identifying attacks among a vast number of benign network transactions. Also, after a threat is identified, making even the smallest policy change to the security software potentially has far-reaching and unanticipated consequences. Finally, because the administrator is primarily responding to alerts, they may lose situational awareness of the network. During this research a Mobile Network Defense Interface (MNDI) was created that visualized a live network under cyber attack. MNDI allowed test subjects to take actions and make configuration changes on the network in real time. The interface was designed to take advantage of state-of-the-art touch technology, engaging the network administrator in the defense of the network. MNDI increased administrators' ability to make time-sensitive decisions quickly and accurately on their network. MNDI was tested against a set of open source network administration tools implemented on a desktop system. Both systems used an automated system that polled an ES to resolve zero to 75% of the alerts. The proportion of alerts resolved automatically is referred to as the level of automation (LOA). During the experiment MNDI outperformed the desktop configuration at all LOAs. The test results showed a statistical difference between MNDI and desktop test subjects in the percentage of alerts correctly resolved and in the time between actions.

Document Details

Document Type
Technical Report
Publication Date
Mar 01, 2013
Accession Number
ADA582489

Entities

People

  • James C. Hannan

Organizations

  • Air Force Institute of Technology

Tags

Communities of Interest

  • Cyber
  • Energy and Power Technologies

DTIC Thesaurus Topics

  • Air Force
  • Application Protocols
  • Computer Network Security
  • Computer Networks
  • Computer Programming
  • Computer Science
  • Computers
  • Cyber Warfare
  • Cyberattacks
  • Cybersecurity
  • Denial Of Service Attack
  • Electronic Mail
  • Governments
  • Intrusion Detection
  • Network Protocols
  • Network Science
  • Operating Systems

Fields of Study

  • Computer science

Readers

  • Cybersecurity
  • Materials Science and Engineering
  • Mathematics or Statistics

Technology Areas

  • Cyber