Mobile Network Defense Interface for Cyber Defense and Situational Awareness
AIR FORCE INST OF TECH WRIGHT-PATTERSON AFB OH GRADUATE SCHOOL OF ENGINEERING AND MANAGEMENT
Today's computer networks are under constant attack. To deal with this constant threat, network administrators rely on intrusion detection and prevention services (IDS/IPS). Most IDS and IPS implement static rule sets to automatically alert administrators and resolve intrusions. Network administrators face a difficult challenge: identifying attacks against a vast number of benign network transactions. Also, after a threat is identified, making even the smallest policy change to the security software potentially has far-reaching and unanticipated consequences. Finally, because the administrator is primarily responding to alerts, they may lose situational awareness of the network. During this research, a Mobile Network Defense Interface (MNDI) was created that visualized a live network under cyber attack. MNDI allowed test subjects to take actions and make configuration changes in real time on the network. The interface was designed to take advantage of state-of-the-art touch technology, engaging the network administrator in the defense of the network. MNDI increased administrators' ability to make time-sensitive decisions quickly and accurately on their network. MNDI was tested against a set of open source network administration tools implemented on a desktop system. Both systems used an automated system that polled an ES to resolve zero to 75 of the alerts. The amount of alerts resolved is referred to as the level of automation (LOA). During the experiment, MNDI outperformed the desktop configuration at all LOAs. The test results showed a statistical difference between MNDI and desktop test subjects in the percentage of alerts correctly resolved and the time between actions.
- Computer Systems Management and Standards