Cyberdefense Adaptive Training Based on the Classification of Operator Cognitive State

Abstract: To face the increasing number and the variety of cyberattacks, training and adaptation of cyberdefense operators become critical and should be managed all along their careers. Thus, it is necessary to develop adaptive training methods that are able to quickly detect operators' weaknesses and to propose a strategy to reinforce their skills on these points. This paper presents the choice of a cognitive model in order to guide the development of an adaptive training software. In this regard, the paper proposes a review of several elements that contributed to the development of the model.Cyberattacks are continuously increasing in variety and number, and therefore require a constant adaptation from the operator who must react to each attack with rapidity and efficiency. To face these changes, cyber operators must be trained regularly.This training aims to: 1) maintain knowledge of cyber operators up to date, 2) train cyber operators to use new tools and 3) allow cyber operators to appropriately react to new attacks.In this regard, adaptive training softwares support the training of cyberdefense operators in order to improve their performance in real conditions. To propose an adaptive training software, there are several requirements to satisfy such as an ecological environment, a system to adapt the training scenario autonomously and a way to assess the difficulties experienced by the trainee. To support this dynamic and customised adaptation of the training scenario, it is important to detect or predict when errors may occur. For this purpose, behavioural and physiological data can be used to assess the variations in performance and mental workload that can lead to an error. This paper deals with the choice of a cognitive model that could support the design of a software for adaptive training in the cyberdefense field. Such a model would allow us to understand the different cognitive processes used by the operator to perform tasks, and to identify the factors that could contribute to performance decrement. This model can then orient the selection of appropriate physiological and behavioural indicators to measure what parts of the task cause difficulty to the operator.

Keywords: Adaptive-training / cyberdefense-training / automated-scenario-reconfiguration

DOI: 10.54941/ahfe1002202

Cite this paper:

​