Automated Cyber Situation Awareness Tools and Models for Improving Analyst Performance

An ever increasing number of critical missions rely today on complex Information Technology infrastructures, making such missions vulnerable to a wide range of potentially devastating cyber-attacks. Attackers can exploit network configurations and vulnerabilities to incrementally penetrate a network and compromise critical systems, thus rendering security monitoring and intrusion detection much more challenging. It is also evident from the ever growing number of high-profile cyber-attacks reported in the news that not only are cyber-attacks growing in sophistication but also in numbers. For these reasons, cyber-security analysts need to continuously monitor large amounts of alerts and data from a multitude of sensors in order to detect attacks in a timely manner and mitigate their impact. However—given the inherent complexity of the problem—manual analysis is labor-intensive and error-prone, and distracts the analyst from getting the “big picture” of the cyber situation.

[1]  Richard E. Hayes,et al.  Understanding Information Age Warfare , 2001 .

[2]  P. Johnson-Laird How We Reason , 2006 .

[3]  Sushil Jajodia,et al.  Scalable Analysis of Attack Scenarios , 2011, ESORICS.

[4]  Cynthia A. Phillips,et al.  A graph-based system for network-vulnerability analysis , 1998, NSPW '98.

[5]  Duminda Wijesekera,et al.  Scalable, graph-based network vulnerability analysis , 2002, CCS '02.

[6]  Sushil Jajodia,et al.  Time-efficient and cost-effective network hardening using attack graphs , 2012, IEEE/IFIP International Conference on Dependable Systems and Networks (DSN 2012).

[7]  Sushil Jajodia,et al.  Cyber Situational Awareness - Issues and Research , 2009, Cyber Situational Awareness.

[8]  H. Gardner The mind's new science: a history of the cognitive revolution , 1985 .

[9]  Mica R. Endsley,et al.  Toward a Theory of Situation Awareness in Dynamic Systems , 1995, Hum. Factors.

[10]  Bruno Sinopoli,et al.  Modeling impact of attacks, recovery, and attackability conditions for situational awareness , 2014, 2014 IEEE International Inter-Disciplinary Conference on Cognitive Methods in Situation Awareness and Decision Support (CogSIMA).

[11]  Sushil Jajodia,et al.  Cauldron mission-centric cyber situational awareness with defense in depth , 2011, 2011 - MILCOM 2011 Military Communications Conference.

[12]  Sushil Jajodia,et al.  An efficient approach to assessing the risk of zero-day vulnerabilities , 2013, 2013 International Conference on Security and Cryptography (SECRYPT).

[13]  V. S. Subrahmanian,et al.  Fast Activity Detection: Indexing for Temporal Stochastic Automaton-Based Activity Models , 2013, IEEE Transactions on Knowledge and Data Engineering.

[14]  Peng Liu,et al.  Using Bayesian networks for cyber security analysis , 2010, 2010 IEEE/IFIP International Conference on Dependable Systems & Networks (DSN).

[15]  Sushil Jajodia,et al.  Using attack graphs for correlating, hypothesizing, and predicting intrusion alerts , 2006, Comput. Commun..