Skip to Main content Skip to Navigation
Conference papers

Cyber Situation Awareness: Modeling the Security Analyst in a Cyber-Attack Scenario through Instance-Based Learning

Abstract : In a corporate network, the situation awareness (SA) of a security analyst is of particular interest. A security analyst is in charge of observing the online operations of a corporate network (e.g., an online retail company with an external webserver and an internal fileserver) from threats of random or organized cyber-attacks. The current work describes a cognitive Instance-based Learning (IBL) model of the recognition and comprehension processes of a security analyst in a simple cyber-attack scenario. The IBL model first recognizes cyber-events (e.g., execution of a file on a server) in the network based upon events’ situation attributes and the similarity of events’ attributes to past experiences (instances) stored in analyst’s memory. Then, the model reasons about a sequence of observed events being a cyber-attack or not, based upon instances retrieved from memory and the risk-tolerance of a simulated analyst. The execution of the IBL model generates predictions of the recognition and comprehension processes of security analyst in a cyber-attack. An analyst’s decisions are evaluated in the model based upon two cyber SA metrics of accuracy and timeliness of analyst’s decision actions. Future work in this area will focus on collecting human data to validate the predictions made by the model.
Document type :
Conference papers
Complete list of metadata

Cited literature [19 references]  Display  Hide  Download

https://hal.inria.fr/hal-01586581
Contributor : Hal Ifip <>
Submitted on : Wednesday, September 13, 2017 - 8:55:55 AM
Last modification on : Wednesday, September 13, 2017 - 2:28:20 PM
Long-term archiving on: : Thursday, December 14, 2017 - 12:43:00 PM

File

978-3-642-22348-8_24_Chapter.p...
Files produced by the author(s)

Licence


Distributed under a Creative Commons Attribution 4.0 International License

Identifiers

Citation

Varun Dutt, Young-Suk Ahn, Cleotilde Gonzalez. Cyber Situation Awareness: Modeling the Security Analyst in a Cyber-Attack Scenario through Instance-Based Learning. 23th Data and Applications Security (DBSec), Jul 2011, Richmond, VA, United States. pp.280-292, ⟨10.1007/978-3-642-22348-8_24⟩. ⟨hal-01586581⟩

Share

Metrics

Record views

117

Files downloads

248