Cyber security analysts may be organized in teams to share skills and support each other upon the occurrence of cyber attacks. Team work is expected to enforce the mitigation capability against unpredictable attacks addressed against a set of cyber assets requiring protection. A conceptual model for evaluating the expected performances of cooperating analysts by reproducing their learning process within a team is proposed. Analytical approaches to solve the underlying state-space model under stochastic evolution and discrete-event simulation are both discussed. The basic assumption is that a set of regeneration points corresponds to skill achievement through learning. A Simulation-based Optimization (SO) tool ranging from the inner level modeling of the cooperation-based learning process to the outer assignment of analysts to assets is then presented. Team formation may be supported by the SO tool for obtaining the team composition, in terms of individuals and skills, that maximizes system performance measures. Numerical results are reported for illustrative purposes.

Modeling and simulation of cooperation and learning in cyber security defense teams

LEGATO Pasquale;MAZZA Rina Mary
2017-01-01

Abstract

Cyber security analysts may be organized in teams to share skills and support each other upon the occurrence of cyber attacks. Team work is expected to enforce the mitigation capability against unpredictable attacks addressed against a set of cyber assets requiring protection. A conceptual model for evaluating the expected performances of cooperating analysts by reproducing their learning process within a team is proposed. Analytical approaches to solve the underlying state-space model under stochastic evolution and discrete-event simulation are both discussed. The basic assumption is that a set of regeneration points corresponds to skill achievement through learning. A Simulation-based Optimization (SO) tool ranging from the inner level modeling of the cooperation-based learning process to the outer assignment of analysts to assets is then presented. Team formation may be supported by the SO tool for obtaining the team composition, in terms of individuals and skills, that maximizes system performance measures. Numerical results are reported for illustrative purposes.
2017
9780993244049
Cyber security; Simulation optimization; Team formation and cooperation; Modeling and Simulation
File in questo prodotto:
Non ci sono file associati a questo prodotto.

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/20.500.11770/268641
 Attenzione

Attenzione! I dati visualizzati non sono stati sottoposti a validazione da parte dell'ateneo

Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 1
  • ???jsp.display-item.citation.isi??? 1
social impact