The Cry Wolf IDS Simulator

Cry Wolf provides an environment for conducting controlled experiments of cyber security analysis tasks. Cry Wolf supports studying the impact of IDS false alarm rate on human analyst’s ability to correctly classify simulated alerts.

More about Cry Wolf and it’s uses:

Cry Wolf: Toward an Experimentation Platform and Dataset for Human Factors in Cyber Security Analysis - William Roden and Lucas Layman. In 2020 ACM Southeast Conference (ACMSE 2020), April 2–4, 2020, Tampa, FL,USA.ACM, New York, NY, USA, 4 pages. https://doi.org/10.1145/3374135.3385301
The Cry Wolf Dataset - a dataset of simulated IDS alerts

Please contact Lucas Layman (laymanl@uncw.edu) If you are interested in using Cry Wolf.

Screenshots

Alert Table

alt text The main alert table. Event numbers are links to alert details.

Alert Evalation Form

alt text The alert details screen and evaluation form. Participants select their decision and a confidence rating. A confidence rating is not required for “I don’t know” answers.

Security Playbook

alt text The Security Playbook shown to participants during training and available during the main alert evaluation task.

Training Event

alt text

An example training event.