论文信息 - Realizing situation awareness within a cyber environment

Realizing situation awareness within a cyber environment

Situation Awareness (SA) problems all require an understanding of current activities, an ability to anticipate what may happen next, and techniques to analyze the threat or impact of current activities and predictions. These processes of SA are common regardless of the domain and can be applied to the detection of cyber attacks. This paper will describe the application of a SA framework to implementing Cyber SA, describe some metrics for measuring and evaluating systems implementing Cyber SA, and discuss ongoing work in this area. We conclude with some ideas for future activities.

[1] A. Volgenant,et al. A shortest augmenting path algorithm for dense and sparse linear assignment problems , 1987, Computing.

[2] Hervé Debar,et al. Aggregation and Correlation of Intrusion-Detection Alerts , 2001, Recent Advances in Intrusion Detection.

[3] Peng Ning,et al. Constructing attack scenarios through correlation of intrusion alerts , 2002, CCS '02.

[4] Mica R. Endsley,et al. Toward a Theory of Situation Awareness in Dynamic Systems , 1995, Hum. Factors.

[5] John J. Salerno,et al. Evaluating algorithmic techniques in supporting situation awareness , 2005, SPIE Defense + Commercial Sensing.

[6] Christopher Krügel,et al. Comprehensive approach to intrusion detection alert correlation , 2004, IEEE Transactions on Dependable and Secure Computing.

[7] John J. Salerno,et al. A situation awareness model applied to multiple domains , 2005, SPIE Defense + Commercial Sensing.