
Registered user since Fri 8 Sep 2023
Contributions
Cybersecurity analysts are responsible for monitoring and responding to security incidents in computer systems. They constantly need to acquire sophisticated skills to detect and mitigate sophisticated attacks such as multi-stage and multi-step network attacks (MSNAs), which can last hours, days and even months. Unfortunately, there is a lack of MSNA datasets on which cybersecurity analysts can train themselves in this matter. Moreover, the inherent complexity of MSNAs makes it very difficult for cybersecurity analysts to detect them just by reading logs. This work presents a human-centric approach to creating MSNA scenarios for training cybersecurity analysts to detect concurrent MSNAs. To do this, we have designed NetWars, which simulates a training scenario for cybersecurity analysts based on the attacks perpetrated by highly skilled teams during Capture The Flag events. During the training, cybersecurity analysts receive multiple concurrent MSNAs from 19 different attackers, and the trainee must decide which attack to prioritize for mitigation given that she has limited resources. We hypothesize that using a human-centric cybersecurity approach for cybersecurity analysts to learn to detect MSNAs and evaluate their priorities is better than using the traditional approach based on the outputs of intrusion detection systems. Results are encouraging: the tool's adoption yielded a remarkable 95% success rate in generating accurate answers, and users highlighted the usability of the NetWars prototype.