{"title":"DESSRT: A Novel Framework for Empirical Red Teaming at Scale","authors":"Brandon Behlendorf, G. Ackerman","doi":"10.1177/10468781221135199","DOIUrl":null,"url":null,"abstract":"Background Red Teaming is widely used to discover vulnerabilities, test defensive measures, and anticipate emerging but novel threats. It has rarely been conducted both systematically and at scale, substantially limiting confidence in its results and the generalizability of its findings. Aim We introduce distributed, empirical, systematic, and scalable red teaming (DESSRT), a framework for translating tactical-level Red Teaming into a replicable research methodology. We apply DESSRT to address whether the information about and availability of computed tomography (CT) scanners influences adversary decision-making in aviation security. Method Using a convenience sample of 143 university students, participants role-played as adversaries in an eight-hour attack planning exercise. Via a custom instrument, participants were randomly assigned across three adversary profiles built on historical cases and then designed a simulated attack. Afterwards, one of three injects about CT scanners were randomly assigned, and participants were asked about potential changes in attack plans (including target changes). Differences among assigned profiles and CT scanner injects were evaluated using standard statistical tests of association. Results Although differences in explosive and weapon package selections were not statistically significant across profiles, security evasion methods were. Following injects, participants were equally as likely to change tactics across profiles, with the majority (53%) changing at least one tactical area. When asked, the majority (18) of those who changed targets (27/143) reported that the additional information on CT scanners did have some effect on their target change decision. Conclusion Overall, the DESSRT framework provides a novel mechanism for translating traditional Red Teaming exercises into a replicable and empirical research method. Although not a replacement for historical data, where available, DESSRT allows analysts and researchers to test theories about human decision-making, generate novel what-if insights to support planning efforts, and validate parameters within complex models.","PeriodicalId":47521,"journal":{"name":"SIMULATION & GAMING","volume":null,"pages":null},"PeriodicalIF":1.5000,"publicationDate":"2022-11-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"SIMULATION & GAMING","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1177/10468781221135199","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"EDUCATION & EDUCATIONAL RESEARCH","Score":null,"Total":0}
引用次数: 0
Abstract
Background Red Teaming is widely used to discover vulnerabilities, test defensive measures, and anticipate emerging but novel threats. It has rarely been conducted both systematically and at scale, substantially limiting confidence in its results and the generalizability of its findings. Aim We introduce distributed, empirical, systematic, and scalable red teaming (DESSRT), a framework for translating tactical-level Red Teaming into a replicable research methodology. We apply DESSRT to address whether the information about and availability of computed tomography (CT) scanners influences adversary decision-making in aviation security. Method Using a convenience sample of 143 university students, participants role-played as adversaries in an eight-hour attack planning exercise. Via a custom instrument, participants were randomly assigned across three adversary profiles built on historical cases and then designed a simulated attack. Afterwards, one of three injects about CT scanners were randomly assigned, and participants were asked about potential changes in attack plans (including target changes). Differences among assigned profiles and CT scanner injects were evaluated using standard statistical tests of association. Results Although differences in explosive and weapon package selections were not statistically significant across profiles, security evasion methods were. Following injects, participants were equally as likely to change tactics across profiles, with the majority (53%) changing at least one tactical area. When asked, the majority (18) of those who changed targets (27/143) reported that the additional information on CT scanners did have some effect on their target change decision. Conclusion Overall, the DESSRT framework provides a novel mechanism for translating traditional Red Teaming exercises into a replicable and empirical research method. Although not a replacement for historical data, where available, DESSRT allows analysts and researchers to test theories about human decision-making, generate novel what-if insights to support planning efforts, and validate parameters within complex models.
期刊介绍:
Simulation & Gaming: An International Journal of Theory, Practice and Research contains articles examining academic and applied issues in the expanding fields of simulation, computerized simulation, gaming, modeling, play, role-play, debriefing, game design, experiential learning, and related methodologies. The broad scope and interdisciplinary nature of Simulation & Gaming are demonstrated by the wide variety of interests and disciplines of its readers, contributors, and editorial board members. Areas include: sociology, decision making, psychology, language training, cognition, learning theory, management, educational technologies, negotiation, peace and conflict studies, economics, international studies, research methodology.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
