Using Camouflaged Cyber Simulations as a Model to Ensure Validity in Cybersecurity Experimentation

TL;DR

This paper proposes using camouflaged cyber simulations to improve empirical research standards in cybersecurity, aiming to enhance validity, reliability, and generalizability of experimental results.

Contribution

It introduces camouflaged cyber simulations as a novel research tool to establish valid and reliable cybersecurity experiments and best practices.

Findings

Camouflaged simulations support empirical research standards.

The approach enhances internal and external validity.

It aids in developing cybersecurity research metrics.

Abstract

Experimental research methods describe standards to safeguard scientific integrity and reputability. These methods have been extensively integrated into traditional scientific disciplines and studied in the philosophy of science. The field of cybersecurity is just beginning to develop preliminary research standards and modeling practices. As such, the science of cybersecurity routinely fails to meet empirical research criteria, such as internal validity, external validity, and construct validity. These standards of experimentation enable the development of metrics, create assurance of experimental soundness, and aid in the generalizability of results. To facilitate such empirical experimentation in cybersecurity, we propose the adaptation of camouflaged cyber simulations as an approach for cybersecurity research. This research tool supports this mechanistic method of experimentation and aids in the construction of general cybersecurity research best practices.