
Theory and models for cyber situation awareness PDF

228 pages · 2017 · 21.919 MB · English
by Sushil Jajodia, Peng Liu, Cliff Wang (Eds.)


[Cover figure: "Cyber SA Cognitive Processes & Models". Recoverable labels: computer network, data sources, logs & traffic, IDS reports, vulnerabilities, data conditioning, evidence fusion, automated reasoning, interactive data triage, learning, security analysts, cognitive models, enterprise model, simulation platform, real world.]

Lecture Notes in Computer Science 10030

Commenced Publication in 1973
Founding and Former Series Editors: Gerhard Goos, Juris Hartmanis, and Jan van Leeuwen

Editorial Board
David Hutchison, Lancaster University, Lancaster, UK
Takeo Kanade, Carnegie Mellon University, Pittsburgh, PA, USA
Josef Kittler, University of Surrey, Guildford, UK
Jon M. Kleinberg, Cornell University, Ithaca, NY, USA
Friedemann Mattern, ETH Zurich, Zurich, Switzerland
John C. Mitchell, Stanford University, Stanford, CA, USA
Moni Naor, Weizmann Institute of Science, Rehovot, Israel
C. Pandu Rangan, Indian Institute of Technology, Madras, India
Bernhard Steffen, TU Dortmund University, Dortmund, Germany
Demetri Terzopoulos, University of California, Los Angeles, CA, USA
Doug Tygar, University of California, Berkeley, CA, USA
Gerhard Weikum, Max Planck Institute for Informatics, Saarbrücken, Germany

More information about this series at http://www.springer.com/series/7408

Peng Liu, Sushil Jajodia, Cliff Wang (Eds.)
Theory and Models for Cyber Situation Awareness

Editors
Peng Liu, Pennsylvania State University, University Park, PA, USA
Sushil Jajodia, George Mason University, Fairfax, VA, USA
Cliff Wang, Army Research Office, Research Triangle Park, NC, USA

ISSN 0302-9743; ISSN 1611-3349 (electronic)
Lecture Notes in Computer Science
ISBN 978-3-319-61151-8; ISBN 978-3-319-61152-5 (eBook)
DOI 10.1007/978-3-319-61152-5
Library of Congress Control Number: 2017945278
LNCS Sublibrary: SL2 – Programming and Software Engineering

© Springer International Publishing AG 2017
This work is subject to copyright. All rights are reserved by the Publisher, whether the whole or part of the material is concerned, specifically the rights of translation, reprinting, reuse of illustrations, recitation, broadcasting, reproduction on microfilms or in any other physical way, and transmission or information storage and retrieval, electronic adaptation, computer software, or by similar or dissimilar methodology now known or hereafter developed.
The use of general descriptive names, registered names, trademarks, service marks, etc. in this publication does not imply, even in the absence of a specific statement, that such names are exempt from the relevant protective laws and regulations and therefore free for general use.
The publisher, the authors and the editors are safe to assume that the advice and information in this book are believed to be true and accurate at the date of publication. Neither the publisher nor the authors or the editors give a warranty, express or implied, with respect to the material contained herein or for any errors or omissions that may have been made. The publisher remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Printed on acid-free paper
This Springer imprint is published by Springer Nature
The registered company is Springer International Publishing AG
The registered company address is: Gewerbestrasse 11, 6330 Cham, Switzerland

Preface

Motivation for the Book

This book seeks to present a summary of recent research advances in cyber situation awareness.
A multidisciplinary group of leading researchers from the areas of cybersecurity, cognitive science, and decision science offer their viewpoints on recent advances in cyber situation awareness. Today, when a security incident happens, the top three questions a cyber operation center would ask are: What has happened? Why did it happen? What should I do? Answers to the first two questions form the core of cyber situation awareness (SA). Whether the last question can be satisfactorily addressed is largely dependent on the cyber SA capability of an enterprise. From the perspective of “data to decisions,” cyber SA can be viewed as a main output of a particular data triaging system. Since there are a large variety of sensors monitoring an enterprise network, the cyber operation center will gather a large amount of data coming from these different types of data sources. The data typically represent normal operation status. Stealthy attack-related information could be deeply embedded among the large volume of normal operation data. Thus the signal-to-noise ratio of attack data is normally extremely low. Answering the first two questions through data triaging could be as hard as finding a needle in a haystack.
Although numerous tools have been developed to help security analysts gain a better SA, existing tools are not yet adequate to provide cyber operation centers with the highly desirable cyber SA capabilities listed as follows:
• Capability 1: The ability to create problem-solving workflows or processes
• Capability 2: The ability to see the big picture of the cyber defense landscape
• Capability 3: The ability to manage uncertainty
• Capability 4: The ability to reason despite incomplete/noisy knowledge
• Capability 5: The ability to quickly locate needles in haystacks
• Capability 6: The ability to do strategic planning
• Capability 7: The ability to predict the possible next steps an adversary might take

The goal of this work is to present a summary of recent research advances in the development of these highly desirable cyber SA capabilities.

About the Book

Chapters in this book can be roughly divided into the following four areas:

Part I: Overview
• Computer-Aided Human Centric Cyber Situation Awareness

Part II: Computer and Information Science Aspects of the Recent Advances in Cyber Situation Awareness
• An Integrated Framework for Cyber Situational Awareness
• Lessons Learned: Visualizing Cyber Situation Awareness in a Network Security Domain
• Enterprise-Level Cyber Situation Awareness

Part III: Learning and Decision-Making Aspects of the Recent Advances in Cyber Situation Awareness
• Dynamics of Decision-Making in Cyber Defense: Using Multi-Agent Cognitive Modeling to Understand CyberWar
• Studying Analysts’ Data Triage Operations in Cyber Defense Situational Analysis

Part IV: Cognitive Science Aspects of the Recent Advances in Cyber Situation Awareness
• The Cognitive Sciences of Cyber-Security: A Framework for Advancing Socio-Cyber Systems
• Collaboration on Cybersecurity Situational Awareness

Acknowledgments

We are extremely grateful to all those
who contributed to this book. It is a pleasure to acknowledge the authors for their contributions. Special thanks go to Alfred Hofmann, Vice-President Publishing (Editor), Anna Kramer, Assistant Editor, Christine Reiss, Editorial Assistant, and Ingrid Beyer, all from Springer, for their support of this project.

May 2017
Peng Liu
Sushil Jajodia
Cliff Wang

Contents

Overview
Computer-Aided Human Centric Cyber Situation Awareness . . . . . 3
Massimiliano Albanese, Nancy Cooke, González Coty, David Hall, Christopher Healey, Sushil Jajodia, Peng Liu, Michael D. McNeese, Peng Ning, Douglas Reeves, V.S. Subrahmanian, Cliff Wang, and John Yen

Computer and Information Science
An Integrated Framework for Cyber Situation Awareness . . . . . 29
Sushil Jajodia and Massimiliano Albanese
Lessons Learned: Visualizing Cyber Situation Awareness in a Network Security Domain . . . . . 47
Christopher G. Healey, Lihua Hao, and Steve E. Hutchinson
Enterprise-Level Cyber Situation Awareness . . . . . 66
Xiaoyan Sun, Jun Dai, Anoop Singhal, and Peng Liu

Learning and Decision Making
Dynamics of Decision Making in Cyber Defense: Using Multi-agent Cognitive Modeling to Understand CyberWar . . . . . 113
Cleotilde Gonzalez, Noam Ben-Asher, and Don Morrison
Studying Analysts’ Data Triage Operations in Cyber Defense Situational Analysis . . . . . 128
Chen Zhong, John Yen, Peng Liu, Rob F. Erbacher, Christopher Garneau, and Bo Chen

Cognitive Science
The Cognitive Sciences of Cyber-Security: A Framework for Advancing Socio-Cyber Systems . . . . . 173
Michael D. McNeese and David L. Hall
Impact of Team Collaboration on Cybersecurity Situational Awareness . . . . . 203
Prashanth Rajivan and Nancy Cooke

Author Index . . . . . 227

Overview

Computer-Aided Human Centric Cyber Situation Awareness

Massimiliano Albanese1, Nancy Cooke2, González Coty3, David Hall4, Christopher Healey5, Sushil Jajodia1, Peng Liu4 (corresponding author), Michael D. McNeese4, Peng Ning5, Douglas Reeves5, V.S. Subrahmanian6, Cliff Wang7, and John Yen4

1 George Mason University, Fairfax, VA, USA
2 Arizona State University, Mesa, AZ, USA
3 Carnegie Mellon University, Pittsburgh, PA, USA
4 Pennsylvania State University, University Park, PA, USA; [email protected]
5 North Carolina State University, Raleigh, NC, USA
6 University of Maryland, College Park, MD, USA
7 Army Research Office, Raleigh, NC, USA

Abstract. In this chapter, we provide an overview of Cyber Situational Awareness, an emerging research area in the broad field of cybersecurity, and discuss, at least at a high level, how to gain Cyber Situation Awareness. Our discussion focuses on answering the following questions: What is Cyber Situation Awareness? Why is research needed? What are the current research objectives and inspiring scientific principles? Why should one take a multidisciplinary approach? How could one take an end-to-end holistic approach? What are the future research directions?

1 What Is Cyber Situation Awareness

Cyber operations, in the context of mission assurance and especially within large enterprises, give rise to the questions that are at the core of Cyber Situation Awareness (Cyber SA). Without loss of generality, the process of situational awareness can be viewed as a three-phase process: situation perception, situation comprehension, and situation projection. Perception gains awareness about the status, attributes, and dynamics of relevant elements within the enterprise networks. Comprehension of the situation encompasses how analysts combine, correlate, and interpret information. Projection of the situation into the near future encompasses the ability to make predictions based on the knowledge acquired through perception and comprehension.

Figure 1 shows a simplified illustration of cyber operations in a large enterprise. Essentially, cyber operations are centered on answering four key questions whenever an adversary is launching a cyber-attack:
• What has happened to the networked enterprise information systems (“enterprise networks” for short)?
• What is the impact?

© Springer International Publishing AG 2017
P. Liu et al. (Eds.): Cyber Situation Awareness, LNCS 10030, pp. 3–25, 2017.
DOI: 10.1007/978-3-319-61152-5_1
