Accession Number : AD1051055

Title :   Computer-aided Human Centric Cyber Situation Awareness

Descriptive Note : Technical Report, 17 Sep 2009, 16 Aug 2015


Personal Author(s) : Liu,Peng ; Jajodia,Sushil ; Albanese,Massimiliano ; Subrahmanian,V S ; Yen,John ; McNeese,Michael ; Hall,Dave ; Gonzalez,Cleotilde ; Cooke,Nancy ; Reeves,Douglas ; Healey,Christopher

Report Date : 20 Mar 2016

Pagination or Media Count : 64

Abstract : In the presence of cyber warfare or cyber attacks, security analysts need to answer four critical questions: What has happened? What is the impact? Why did it happen? What should I do? Answers to the first three questions form the core of Cyber Situational Awareness (Cyber SA). Whether the last question can be satisfactorily answered depends greatly on the cyber SA capability of an enterprise. Gaining SA is a human-centric process of perception, comprehension, and projection. Compared to physical-world SA, cyber SA has several unique characteristics, including an extremely high speed of situation evolution, an extremely large amount of situation information, and fully automated services. These unique characteristics imply that physical-world SA techniques cannot be applied in cyberspace. They also indicate the importance of computer-aided SA and the cognition throughput challenge in gaining cyber SA. In this project, we take a holistic, end-to-end approach to integrate the human cognition aspects and the cyber tools aspects of cyber SA. We will develop cyber SA specific cognition models. We will leverage these models to develop cognition-friendly SA techniques, tools, and analytics, so that we can fill the gap between the sensor side and the analyst side of cyber SA. These cognition-friendly SA analytics and tools include but are not limited to a situation knowledge reference model, fusion, cross-layer mission-driven SA analytics, adversary intent analysis, probabilistic graphical models, and automated reasoning. In addition, we will build test-beds to evaluate the proposed approach.

Descriptors :   cyberattacks , data analysis , databases , situational awareness , task performance and analysis , cognitive science , computer network security , computers , information processing , malware , systems engineering , computer programming , cognition , information systems , cognitive systems engineering , computer security , computational science , information science

Subject Categories : Computer Programming and Software
      Computer Systems

Distribution Statement : APPROVED FOR PUBLIC RELEASE