From Cyber Situational Awareness to Adaptive Cyber Defense: Leveling the Cyber Playing Field

  • Massimiliano AlbaneseEmail author
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11170)


In the cyber security landscape, the asymmetric relationship between defender and attacker tends to favor the attacker: while the defender needs to protect a system against all possible ways of breaching it, the attacker needs to identify and exploit only one vulnerable entry point in order to succeed. In this chapter, we show how we can effectively reverse such intrinsic asymmetry in favor of the defender by concurrently pursuing two complementary objectives: increasing the defender’s understanding of multiple facets of the cyber landscape – referred to as Cyber Situational Awareness (CSA) – and creating uncertainty for the attacker through Moving Target Defense (MTD) or Adaptive Cyber Defense (ACD) techniques. This chapter provides a brief overview of contributions in these areas, and discusses future research directions.



This work was partially supported by the Army Research Office under grants W911NF-09-1-0525 and W911NF-13-1-0421.


  1. 1.
    Abbasi, F.H., Harris, R.J., Moretti, G., Haider, A., Anwar, N.: Classification of malicious network streams using honeynets. In: Proceedings of the IEEE Global Communications Conference (IEEE GLOBECOM 2012), pp. 891–897. IEEE, Anaheim, CA, USA, December 2012Google Scholar
  2. 2.
    Albanese, M., Jajodia, S.: Formation of awareness. In: Kott, A., Wang, C., Erbacher, R.F. (eds.) Cyber Defense and Situational Awareness. AIS, vol. 62, pp. 47–62. Springer, Cham (2014). Scholar
  3. 3.
    Albanese, M., Battista, E., Jajodia, S., Casola, V.: Manipulating the attacker’s view of a system’s attack surface. In: IEEE Conference on Communications and Network Security, CNS 2014, pp. 472–480, San Francisco, CA, USA, October 2014Google Scholar
  4. 4.
    Albanese, M., Jajodia, S.: A graphical model to assess the impact of multi-step attacks. J. Def. Model. Simul. 15(1), 79–93 (2018)CrossRefGoogle Scholar
  5. 5.
    Albanese, M., Jajodia, S., Noel, S.: Time-efficient and cost-effective network hardening using attack graphs. In: Proceedings of the 42nd Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN 2012), Boston, MA, USA, June 2012Google Scholar
  6. 6.
    Albanese, M., Jajodia, S., Pugliese, A., Subrahmanian, V.S.: Scalable analysis of attack scenarios. In: Atluri, V., Diaz, C. (eds.) ESORICS 2011. LNCS, vol. 6879, pp. 416–433. Springer, Heidelberg (2011). Scholar
  7. 7.
    Albanese, M., Jajodia, S., Singhal, A., Wang, L.: An efficient approach to assessing the risk of zero-day. In: Samarati, P. (ed.) Proceedings of the 10th International Conference on Security and Cryptography (SECRYPT 2013), pp. 207–218. SciTePress, Reykjavík, Iceland (July 2013)Google Scholar
  8. 8.
    Boyd, S.W., Keromytis, A.D.: SQLrand: preventing SQL injection attacks. In: Jakobsson, M., Yung, M., Zhou, J. (eds.) ACNS 2004. LNCS, vol. 3089, pp. 292–302. Springer, Heidelberg (2004). Scholar
  9. 9.
    Christey, S.: 2011 CWE/SANS top 25 most dangerous software errors (2011).
  10. 10.
    Connell, W., Albanese, M., Venkatesan, S.: A framework for moving target defense quantification. In: De Capitani di Vimercati, S., Martinelli, F. (eds.) SEC 2017. IAICT, vol. 502, pp. 124–138. Springer, Cham (2017). Scholar
  11. 11.
    Cybenko, G., Jajodia, S., Wellman, M.P., Liu, P.: Adversarial and uncertain reasoning for adaptive cyber defense: building the scientific foundation. In: Prakash, A., Shyamasundar, R. (eds.) ICISS 2014. LNCS, vol. 8880, pp. 1–8. Springer, Cham (2014). Scholar
  12. 12.
    Hutchins, E.M., Cloppert, M.J., Amin, R.M.: Intelligence-Driven Computer Network Defense Informed by Analysis of Adversary Campaigns and Intrusion Kill Chains. Lockheed Martin Corporation, Bethesda (2010)Google Scholar
  13. 13.
    Jajodia, S., Noel, S.: Topological vulnerability analysis. In: Jajodia, S., Liu, P., Swarup, V., Wang, C. (eds.) Cyber Situational Awareness. Advances in Information Security, vol. 46, pp. 139–154. Springer, Boston (2010). Scholar
  14. 14.
    Jajodia, S., Ghosh, A.K., Subrahmanian, V.S., Swarup, V., Wang, C., Wang, X.S. (eds.): Moving Target Defense II: Application of Game Theory and Adversarial Modeling. Advances in Information Security, vol. 100. Springer, New York (2013). Scholar
  15. 15.
    Jajodia, S., Ghosh, A.K., Swarup, V., Wang, C., Wang, X.S. (eds.): Moving Target Defense: Creating Asymmetric Uncertainty for Cyber Threats. Advances in Information Security, vol. 54. Springer, New York (2011). Scholar
  16. 16.
    Jajodia, S., Liu, P., Swarup, V., Wang, C. (eds.): Cyber Situational Awareness: Issues and Research. Advances in Information Security. Springer, New York (2010). Scholar
  17. 17.
    Jajodia, S., Noel, S., Kalapa, P., Albanese, M., Williams, J.: Cauldron: mission-centric cyber situational awareness with defense in depth. In: Proceedings of the Military Communications Conference (MILCOM 2011), pp. 1339–1344. Baltimore, MD, USA, November 2011Google Scholar
  18. 18.
    Jajodia, S., Noel, S., O’Berry, B.: Topological analysis of network attack vulnerability. In: Kumar, V., Srivastava, J., Lazarevic, A. (eds.) Managing Cyber Threats: Issues, Approaches, and Challenges. MACO, vol. 5, pp. 247–266. Springer, Boston (2005). Scholar
  19. 19.
    Leversage, D.J., Byres, E.J.: Estimating a system’s mean time-to-compromise. IEEE Secur. Priv. 6(1), 52–60 (2008)CrossRefGoogle Scholar
  20. 20.
    Manadhata, P.K., Wing, J.M.: An attack surface metric. IEEE Trans. Software Eng. 37(3), 371–386 (2011)CrossRefGoogle Scholar
  21. 21.
    McHugh, J.: Quality of protection: measuring the unmeasurable? In: Proceedings of the 2nd ACM Workshop on Quality of Protection (QoP 2006), pp. 1–2. ACM, Alexandria, VA, USA, October 2006Google Scholar
  22. 22.
    Natrajan, A., Ning, P., Liu, Y., Jajodia, S., Hutchinson, S.E.: NSDMiner: Automated discovery of network service dependencies. In: Proceedings of the 31st Annual International Conference on Computer Communications (INFOCOM 2012), pp. 2507–2515, Orlando, FL, USA, March 2012Google Scholar
  23. 23.
    Noel, S., Jajodia, S.: Managing attack graph complexity through visual hierarchical aggregation. In: Proceedings of the ACM CCS Workshop on Visualization and Data Mining for Computer Security (VizSEC/DMSEC 2004), pp. 109–118. ACM, Fairfax, VA, USA, October 2004Google Scholar
  24. 24.
    Wang, L., Islam, T., Long, T., Singhal, A., Jajodia, S.: An attack graph-based probabilistic security metric. In: Atluri, V. (ed.) DBSec 2008. LNCS, vol. 5094, pp. 283–296. Springer, Heidelberg (2008). Scholar
  25. 25.
    Wang, L., Jajodia, S., Singhal, A., Noel, S.: k-zero day safety: measuring the security risk of networks against unknown attacks. In: Gritzalis, D., Preneel, B., Theoharidou, M. (eds.) ESORICS 2010. LNCS, vol. 6345, pp. 573–587. Springer, Heidelberg (2010). Scholar
  26. 26.
    Wang, L., Noel, S., Jajodia, S.: Minimum-cost network hardening using attack graphs. Comput. Commun. 29(18), 3812–3824 (2006)CrossRefGoogle Scholar

Copyright information

© Springer Nature Switzerland AG 2018

Authors and Affiliations

  1. 1.George Mason UniversityFairfaxUSA

Personalised recommendations