Automated Cyber Situation Awareness Tools and Models for Improving Analyst Performance

Chapter
Part of the Advances in Information Security book series (ADIS, volume 61)

Abstract

An ever-increasing number of critical missions rely today on complex Information Technology infrastructures, making such missions vulnerable to a wide range of potentially devastating cyber-attacks. Attackers can exploit network configurations and vulnerabilities to incrementally penetrate a network and compromise critical systems, thus rendering security monitoring and intrusion detection much more challenging. It is also evident from the ever-growing number of high-profile cyber-attacks reported in the news that cyber-attacks are growing not only in sophistication but also in number. For these reasons, cyber-security analysts need to continuously monitor large amounts of alerts and data from a multitude of sensors in order to detect attacks in a timely manner and mitigate their impact. However—given the inherent complexity of the problem—manual analysis is labor-intensive and error-prone, and distracts the analyst from getting the “big picture” of the cyber situation.

Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

  • Massimiliano Albanese (1)
  • Hasan Cam (2)
  • Sushil Jajodia (1)
  1. Center for Secure Information Systems, George Mason University, Fairfax, USA
  2. Network Science Division, U.S. Army Research Laboratory, Adelphi, USA