Cyber Defense and Situational Awareness pp 93-117

Part of the Advances in Information Security book series (ADIS, volume 62)

Cognition and Technology

  • Cleotilde Gonzalez
  • Noam Ben-Asher
  • Alessandro Oltramari
  • Christian Lebiere

Abstract

As the previous chapters emphasized, human cognition—and the technology necessary to support it—are central to Cyber Situational Awareness (CSA). Therefore, this chapter focuses on challenges and approaches to the integration of information technology and computational representations of human situation awareness (SA). To illustrate these aspects of CSA, the chapter uses the process of intrusion detection as a key example. We argue that effective development of technologies and processes that produce CSA in a way properly aligned with human cognition calls for cognitive models—dynamic and adaptable computational representations of the cognitive structures and mechanisms involved in developing SA and processing information for decision making. While visualization and machine learning are often seen among the key approaches to enhancing CSA, we point out a number of limitations in their current state of development and applications to CSA. The current knowledge gaps in our understanding of cognitive demands in CSA include the lack of a theoretical model of cyber SA within a cognitive architecture; the decision gap, representing learning, experience and dynamic decision making in cyberspace; and the semantic gap, addressing the construction of a common language and a set of basic concepts about which the security community can develop a shared understanding.

Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

  • Cleotilde Gonzalez (1)
  • Noam Ben-Asher (2)
  • Alessandro Oltramari (3)
  • Christian Lebiere (3)

  1. Social and Decision Sciences Department, Carnegie Mellon University, Pittsburgh, USA
  2. Dynamic Decision Making Laboratory, Social and Decision Sciences Department, Carnegie Mellon University, Pittsburgh, USA
  3. Department of Psychology, Carnegie Mellon University, Pittsburgh, USA
