Homework 4

Due a week after the first class at 11:59 pm

Read the assigned articles in D2L. Answer the questions below. The answers must demonstrate that you have substantively engaged with the material and you haven’t simply goggled the question and copy/pasted the answer.

1. What are some indicators of a cyberattack? Do they always mean that there has been an attack?
2. Signal Detection Theory describes the problem space as made up of signal and noise. What are some examples of signal and noise in cybersecurity?
3. Scenario: We have discussed true/false positives and true/false negatives in a cybersecurity context. Name some ways that false positives can be costly.
4. Scenario: Sawyer, Finomore, Funke, Mancuseo, Funke, Matthews, & Warm (2014) found that like traditional vigilance tasks, performance on cyber detection tasks decreases over time. Performance was better when signal probability was high and cognitive complex tasks usually do not show similar decrement. How might we use these findings to improve cyber detection performance?
5. Most of the scenarios we have discussed have considered signal detection from a defense perspective. Think about signal detection from the perspective of an attacker perpetrating a social engineering scheme. Name what such an attacker might consider “signal” and “noise.” What would be the true/false positives and true/false negatives in that scenario?

Simulation 2

You are going to see (or hear, if you do the audio version) a series of signal displays and then a series of noise displays. Follow the instruction on the screen and try to click when you detect a signal, but not when the output is noise.

A visual version of the simulation is available at the following URL: https://wsray3.casl.umd.edu/cv313/sim07/index.html

An auditory version of the simulation is available at the following URL: https://wsray3.casl.umd.edu/cv313/sim07a/index.html

Answer the questions listed below.

1. What was your hit rate and false alarm rate for the first simulation?
2. What was your hit rate and false alarm rate for the second simulation?
3. What changed between the two simulations? How did this impact your performance?
4. What do you think would happen if we move the signal distribution to the right?
5. For the third and fourth simulation you were asked to change your response threshold, first to ensure that you would not miss any hits, and then so you would not have any false alarms. How did the instructions change your performance?
6. From a cybersecurity perspective, what instruction would you give a network defense specialist about distinguishing signal fr