Computer-Aided Human Centric Cyber Situation Awareness

  • Massimiliano Albanese
  • Nancy Cooke
  • González Coty
  • David Hall
  • Christopher Healey
  • Sushil Jajodia
  • Peng Liu
  • Michael D. McNeese
  • Peng Ning
  • Douglas Reeves
  • V. S. Subrahmanian
  • Cliff Wang
  • John Yen
Chapter
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10030)

Abstract

In this chapter, we provide an overview of Cyber Situational Awareness, an emerging research area in the broad field of cyber security, and discuss, at least at a high level, how to gain Cyber Situation Awareness. Our discussion focuses on answering the following questions: What is Cyber Situation Awareness? Why is research needed? What are the current research objectives and inspiring scientific principles? Why should one take a multidisciplinary approach? How could one take an end-to-end holistic approach? What are the future research directions?

Notes

Acknowledgements

We would like to thank the Army Research Office (ARO) for sponsoring this MURI project. This work was supported by ARO award W911NF-09-1-0525.

Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  • Massimiliano Albanese (1)
  • Nancy Cooke (2)
  • González Coty (3)
  • David Hall (4)
  • Christopher Healey (5)
  • Sushil Jajodia (1)
  • Peng Liu (4)
  • Michael D. McNeese (4)
  • Peng Ning (5)
  • Douglas Reeves (5)
  • V. S. Subrahmanian (6)
  • Cliff Wang (7)
  • John Yen (4)

  1. George Mason University, Fairfax, USA
  2. Arizona State University, Mesa, USA
  3. Carnegie Mellon University, Pittsburgh, USA
  4. Pennsylvania State University, University Park, USA
  5. North Carolina State University, Raleigh, USA
  6. University of Maryland, College Park, USA
  7. Army Research Office, Raleigh, USA
