ABSTRACT
Security managers must scan through multiple continuous data streams issuing from diverse sources in an effort to defend computer networks from attack. However, manual aggregation of this information is not achievable for vital decision-making within a narrow timeframe if security managers are not well-educated in current attack vectors. Thus, extensive and periodic training in attack methods, situation awareness and decision-making strategy should be required. However, it is challenging to provide training environments that can effectively simulate multi-stage attacks. Security managers are also impeded by the lack of dynamic feedback afforded by traditional training. This can result in false positive or negative readings of their preparedness. In this paper we discuss strategies to provide effective simulation and training of computer network defense for security managers through the integration of knowledge, intelligent agents, and proven network defense technologies.