Humans are commonly seen as the weakest link in corporate information security. This led to a lot of effort being put into security training and awareness campaigns, which resulted in employees being less likely the target of successful attacks. Existing approaches, however, do not tap the full potential that can be gained through these campaigns. On the one hand, human perception offers an additional source of contextual information for detected incidents, on the other hand it serves as information source for incidents that may not be detectable by automated procedures. These approaches only allow a text-based reporting of basic incident information. A structured recording of human delivered information that also provides compatibility with existing SIEM systems is still missing. In this work, we propose an approach, which allows humans to systematically report perceived anomalies or incidents in a structured way. Our approach furthermore supports the integration of such reports into analytics systems. Thereby, we identify connecting points to SIEM systems, develop a taxonomy for structuring elements reportable by humans acting as a security sensor and develop a structured data format to record data delivered by humans. A prototypical human-as-a-security-sensor wizard applied to a real-world use-case shows our proof of concept.

中文翻译：

---

用于收集威胁情报的人为安全传感器

人类通常被视为企业信息安全中最薄弱的环节。这导致在安全培训和意识活动中投入了大量精力，从而降低了员工成为成功攻击目标的可能性。然而，现有的方法并没有挖掘通过这些活动可以获得的全部潜力。一方面，人类感知为检测到的事件提供了额外的上下文信息来源，另一方面，它作为自动化程序可能无法检测到的事件的信息源。这些方法只允许对基本事件信息进行基于文本的报告。仍然缺少人工提供的信息的结构化记录，该记录还提供与现有 SIEM 系统的兼容性。在这项工作中，我们提出了一种方法，它允许人类以结构化的方式系统地报告感知到的异常或事件。我们的方法还支持将此类报告集成到分析系统中。因此，我们确定了与 SIEM 系统的连接点，开发了一种分类法来构建人类作为安全传感器可报告的元素，并开发结构化数据格式来记录人类提供的数据。一个应用于现实世界用例的原型人作为安全传感器向导展示了我们的概念证明。开发一种分类法，用于构建人类作为安全传感器可报告的元素，并开发结构化数据格式来记录人类提供的数据。一个应用于现实世界用例的原型人作为安全传感器向导展示了我们的概念证明。开发一种分类法，用于构建人类作为安全传感器可报告的元素，并开发结构化数据格式来记录人类提供的数据。一个应用于现实世界用例的原型人作为安全传感器向导展示了我们的概念证明。