Editors: Sushil Jajodia, Peng Liu, Vipin Swarup, Cliff Wang
Title: Cyber Situational Awareness: Issues and Research
Publisher: Springer-Verlag
ISBN: 9781441901408
Series: Advances in Information Security
Edition: 1
Price: CHF 85.50
Subject: Computer Science
Language: English
Pages: 252
DRM: Watermark
Devices: PC/MAC/eReader/Tablet
Format: PDF
Motivation for the Book

This book seeks to establish the state of the art in the cyber situational awareness area and to set the course for future research. A multidisciplinary group of leading researchers from the cyber security, cognitive science, and decision science areas elaborate on the fundamental challenges facing the research community and identify promising solution paths. Today, when a security incident occurs, the top three questions security administrators ask are in essence: What has happened? Why did it happen? What should I do? Answers to the first two questions form the core of Cyber Situational Awareness. Whether the last question can be satisfactorily answered depends greatly on the cyber situational awareness capability of an enterprise. A variety of computer and network security research topics (especially some systems security topics) belong to or touch the scope of Cyber Situational Awareness. However, the Cyber Situational Awareness capability of an enterprise is still very limited, for several reasons:
• Inaccurate and incomplete vulnerability analysis, intrusion detection, and forensics.
• Lack of capability to monitor certain microscopic system/attack behavior.
• Limited capability to transform/fuse/distill information into cyber intelligence.
• Limited capability to handle uncertainty.
• Existing system designs are not very 'friendly' to Cyber Situational Awareness.
Preface (p. 6)
  Motivation for the Book (p. 6)
  About the Book (p. 7)
  Acknowledgements (p. 7)
Contents (p. 8)
Overview of Cyber Situational Awareness (p. 14)
1 Cyber SA: Situational Awareness for Cyber Defense (p. 15)
  1.1 Scope of the Cyber SA Problem (p. 15)
  1.2 Background (p. 17)
  1.3 Research Goals (p. 18)
  1.4 Research Agenda (p. 19)
  1.5 Conclusion (p. 25)
  Acknowledgements (p. 26)
  References (p. 26)
2 Overview of Cyber Situation Awareness (p. 27)
  2.1 What is Situation Awareness (SA)? (p. 27)
  2.2 Situation Awareness Reference and Process Models (p. 30)
  2.3 Visualization (p. 38)
  2.4 Application to the Cyber Domain (p. 39)
  2.5 Measures of Performance and Effectiveness (p. 40)
  2.6 Conclusion (p. 46)
  References (p. 46)
The Reasoning and Decision Making Aspects (p. 48)
3 RPD-based Hypothesis Reasoning for Cyber Situation Awareness (p. 49)
  3.1 Introduction (p. 49)
  3.2 Naturalistic Decision Making as a Holistic Model for Cyber SA (p. 51)
  3.3 RPD-based Hypothesis Generation and Reasoning for Cyber SA (p. 52)
  3.4 Hypergraph-based Hypothesis Reasoning (p. 55)
  3.5 Market-based Evidence Gathering (p. 57)
  3.6 Summary (p. 58)
  References (p. 59)
4 Uncertainty and Risk Management in Cyber Situational Awareness (p. 60)
  4.1 Reasoning about Uncertainty is a Necessity (p. 60)
  4.2 Two Approaches to Handling Dynamic Uncertainty (p. 61)
  4.3 From Attack Graphs to Bayesian Networks (p. 62)
  4.4 An Empirical Approach to Developing a Logic for Uncertainty in Situation Awareness (p. 66)
  4.5 Static Uncertainty and Risk Management (p. 72)
  4.6 Conclusion (p. 74)
  References (p. 74)
Macroscopic Cyber Situational Awareness (p. 78)
5 Employing Honeynets for Network Situational Awareness (p. 79)
  5.1 Introduction (p. 80)
  5.2 Background (p. 81)
  5.3 Classifying Honeynet Activity (p. 82)
  5.4 Experiences with Activity Classification (p. 84)
  5.5 Situational Awareness In-depth (p. 85)
  5.6 Towards Automated Classification (p. 92)
  5.7 Assessing Botnet Scanning Patterns (p. 93)
  5.8 Extrapolating Global Properties (p. 95)
  5.9 Evaluation of Automated Classification (p. 100)
  5.10 Summary (p. 109)
  References (p. 109)
6 Assessing Cybercrime Through the Eyes of the WOMBAT (p. 111)
  6.1 Foreword (p. 111)
  6.2 Introduction (p. 112)
  6.3 Leurre.com v1.0: Honeyd (p. 112)
  6.4 Leurre.com v2.0: SGNET (p. 120)
  6.5 Analysis of Attack Events (p. 125)
  6.6 Multi-Dimensional Analysis of Attack Events (p. 131)
  6.7 Beyond Events Correlation: Exploring the epsilon-gamma-pi-mu Space (p. 137)
  6.8 Conclusions (p. 141)
  References (p. 142)
Enterprise Cyber Situational Awareness (p. 145)
7 Topological Vulnerability Analysis (p. 146)
  7.1 Introduction (p. 146)
  7.2 System Architecture (p. 147)
  7.3 Illustrative Example (p. 149)
  7.4 Network Attack Modeling (p. 152)
  7.5 Analysis and Visualization (p. 154)
  7.6 Scalability (p. 156)
  7.7 Related Work (p. 159)
  7.8 Summary (p. 159)
  Acknowledgements (p. 160)
  References (p. 160)
8 Cross-Layer Damage Assessment for Cyber Situational Awareness (p. 162)
  8.1 Introduction (p. 162)
  8.2 PEDA: An Architecture for Fine-Grained Damage Assessment in a Production Environment (p. 168)
  8.3 VM-Based Cross-Layer Damage Assessment: An Overview (p. 170)
  8.4 Design and Implementation (p. 172)
  8.5 Preliminary Evaluation (p. 178)
  8.6 Related Work (p. 180)
  8.7 Limitations (p. 181)
  8.8 Conclusion (p. 181)
  References (p. 181)
Microscopic Cyber Situational Awareness (p. 184)
9 A Declarative Framework for Intrusion Analysis (p. 185)
  9.1 Introduction (p. 185)
  9.2 A Survey of Related Work (p. 186)
  9.3 Overview and Case Study (p. 193)
  9.4 Intrusion Analysis Framework (p. 195)
  9.5 The SLog Declarative Programming Language (p. 198)
  9.6 Functional Evaluation (p. 201)
  9.7 Conclusion (p. 202)
  Acknowledgments (p. 203)
  References (p. 203)
10 Automated Software Vulnerability Analysis (p. 207)
  10.1 Introduction (p. 207)
  10.2 Common Ground (p. 209)
  10.3 MemSherlock: An Automated Debugger for Unknown Memory Corruption Vulnerabilities (p. 209)
  10.4 CBones: Security Debugging Using Program Structural Constraints (p. 217)
  10.5 Comparison (p. 224)
  10.6 Conclusion (p. 225)
  References (p. 225)
The Machine Learning Aspect (p. 230)
11 Machine Learning Methods for High Level Cyber Situation Awareness (p. 231)
  11.1 Introduction (p. 231)
  11.2 The TaskTracer System (p. 232)
  11.3 Machine Learning for Project Associations (p. 236)
  11.4 Discovering User Workflows (p. 244)
  11.5 Discussion (p. 249)
  11.6 Concluding Remarks (p. 250)
  Acknowledgements (p. 250)
  References (p. 250)
Author Index (p. 252)