
Automated Cyber Situation Awareness Tools and Models for Improving Analyst Performance

Part of the Advances in Information Security book series (ADIS,volume 61)

Abstract

An ever-increasing number of critical missions rely today on complex information technology infrastructures, making such missions vulnerable to a wide range of potentially devastating cyber-attacks. Attackers can exploit network configurations and vulnerabilities to incrementally penetrate a network and compromise critical systems, which makes security monitoring and intrusion detection much more challenging. It is also evident from the growing number of high-profile cyber-attacks reported in the news that attacks are growing not only in sophistication but also in number. For these reasons, cyber-security analysts need to continuously monitor large volumes of alerts and data from a multitude of sensors in order to detect attacks in a timely manner and mitigate their impact. However, given the inherent complexity of the problem, manual analysis is labor-intensive and error-prone, and distracts the analyst from getting the “big picture” of the cyber situation.

Keywords

  • Intrusion Detection
  • Situation Awareness
  • Intrusion Detection System
  • Concurrent Operation
  • Attack Graph

These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

The work of Sushil Jajodia and Massimiliano Albanese was supported in part by the Army Research Office under awards W911NF-13-1-0421, W911NF-09-1-0525, and W911NF-13-1-0317, and by the Office of Naval Research under awards N00014-12-1-0461 and N00014-13-1-0703.

Chapter length: 14 pages
Figures 3.1 through 3.6 (figure images and captions not included in this preview)


Corresponding author: Massimiliano Albanese

Copyright information

© 2014 Springer International Publishing Switzerland

About this chapter

Cite this chapter

Albanese, M., Cam, H., Jajodia, S. (2014). Automated Cyber Situation Awareness Tools and Models for Improving Analyst Performance. In: Pino, R., Kott, A., Shevenell, M. (eds) Cybersecurity Systems for Human Cognition Augmentation. Advances in Information Security, vol 61. Springer, Cham. https://doi.org/10.1007/978-3-319-10374-7_3

  • DOI: https://doi.org/10.1007/978-3-319-10374-7_3
  • Publisher Name: Springer, Cham
  • Print ISBN: 978-3-319-10373-0
  • Online ISBN: 978-3-319-10374-7