Cyber situational awareness - A systematic review of the literature

Abstract

Cyber situational awareness is attracting much attention. It features prominently in the national cyber strategies of many countries, and there is a considerable body of research dealing with it. However, until now, there has been no systematic and up-to-date review of the scientific literature on cyber situational awareness. This article presents a review of cyber situational awareness, based on systematic queries in four leading scientific databases. A total of 102 articles were read, clustered, and are succinctly described in the paper. The findings are discussed from the perspective of both national cyber strategies and science, and some directions for future research are examined.
