
Can Cyber Operations Be Made Autonomous? An Answer from the Situational Awareness Viewpoint

Chapter in: Adaptive Autonomous Secure Cyber Systems

Abstract

Although many building blocks of today’s cyber-defense solutions are already fully automatic, there is still a debate on whether next-generation cyber-defense solutions should be wholly autonomous. In this paper, we contribute to the debate in the context of Cybersecurity Operations Centers (CSOCs), which have been widely established in prominent companies and organizations to achieve cyber situational awareness. Based on the lessons we learned from a recent case study on making CSOC data triage operations more autonomous, we conclude that instead of asking whether cyber operations can be made autonomous or not, it seems more appropriate to ask the following questions: (a) How to make cyber operations more autonomous? (b) What is the right research roadmap for making cyber operations more autonomous? We also comment on what should be the current frontier in building a significantly better CSOC.




Acknowledgement

This work was supported by ARO W911NF-15-1-0576 and ARO W911NF-13-1-0421 (MURI).

Corresponding author: Peng Liu


Copyright information

© 2020 Springer Nature Switzerland AG

About this chapter


Cite this chapter

Zhong, C., Yen, J., Liu, P. (2020). Can Cyber Operations Be Made Autonomous? An Answer from the Situational Awareness Viewpoint. In: Jajodia, S., Cybenko, G., Subrahmanian, V., Swarup, V., Wang, C., Wellman, M. (eds) Adaptive Autonomous Secure Cyber Systems. Springer, Cham. https://doi.org/10.1007/978-3-030-33432-1_4


  • DOI: https://doi.org/10.1007/978-3-030-33432-1_4

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-33431-4

  • Online ISBN: 978-3-030-33432-1

  • eBook Packages: Computer Science (R0)
