An Integrated Framework for Cyber Situation Awareness

In this chapter, we present a framework that integrates an array of techniques and automated tools designed to substantially enhance the Cyber Situation Awareness process. The framework incorporates the theory and the tools we developed to answer, automatically and efficiently, some of the fundamental questions security analysts need to ask in the context of Cyber Situation Awareness. Most of the work presented in this chapter is the result of the research effort conducted by the authors as part of the Multidisciplinary University Research Initiative project sponsored by the Army Research Office that was mentioned in the introductory chapter. We present the key challenges the research community has been called on to address in this space, and describe our major accomplishments in tackling those challenges.
