Cyber Situation Awareness: Modeling the Security Analyst in a Cyber-Attack Scenario through Instance-Based Learning

Abstract: In a corporate network, the situation awareness (SA) of a security analyst is of particular interest. A security analyst is in charge of observing the online operations of a corporate network (e.g., an online retail company with an external webserver and an internal fileserver) from threats of random or organized cyber-attacks. The current work describes a cognitive Instance-based Learning (IBL) model of the recognition and comprehension processes of a security analyst in a simple cyber-attack scenario. The IBL model first recognizes cyber-events (e.g., execution of a file on a server) in the network based upon events’ situation attributes and the similarity of events’ attributes to past experiences (instances) stored in the analyst’s memory. Then, the model reasons about a sequence of observed events being a cyber-attack or not, based upon instances retrieved from memory and the risk-tolerance of a simulated analyst. The execution of the IBL model generates predictions of the recognition and comprehension processes of a security analyst in a cyber-attack. An analyst’s decisions are evaluated in the model based upon two cyber SA metrics of accuracy and timeliness of the analyst’s decision actions. Future work in this area will focus on collecting human data to validate the predictions made by the model.
Document type:
Conference paper
Yingjiu Li. 23th Data and Applications Security (DBSec), Jul 2011, Richmond, VA, United States. Springer, Lecture Notes in Computer Science, LNCS-6818, pp.280-292, 2011, Data and Applications Security and Privacy XXV. 〈10.1007/978-3-642-22348-8_24〉

https://hal.inria.fr/hal-01586581
Contributor: Hal Ifip
Submitted on: Wednesday, September 13, 2017 - 08:55:55
Last modified on: Wednesday, September 13, 2017 - 14:28:20
Document(s) archived on: Thursday, December 14, 2017 - 12:43:00

File

978-3-642-22348-8_24_Chapter.p...
Files produced by the author(s)

License

Distributed under a Creative Commons Attribution 4.0 International License

Citation

Varun Dutt, Young-Suk Ahn, Cleotilde Gonzalez. Cyber Situation Awareness: Modeling the Security Analyst in a Cyber-Attack Scenario through Instance-Based Learning. Yingjiu Li. 23th Data and Applications Security (DBSec), Jul 2011, Richmond, VA, United States. Springer, Lecture Notes in Computer Science, LNCS-6818, pp.280-292, 2011, Data and Applications Security and Privacy XXV. 〈10.1007/978-3-642-22348-8_24〉. 〈hal-01586581〉

Metrics

Record views: 17

File downloads: 9