Intrusion activity projection for cyber situational awareness

Yang, Shanchieh Jay; Byers, S.R.; Holsopple, Jared; Argauer, B.; Fava, Daniel Schnetzer

doi:10.1109/isi.2008.4565048

Cited by 19 publications

(9 citation statements)

References 14 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…A review of the extant literature on situation awareness in CDA reveals that though cyber defence scholars have relied on the cognitive perspective as a basis for their research almost exclusively, the research is, in practice employing the technological perspective of SA (Mathew, Shah, & Upadhyaya, 2005;Okolica, McDonald, Peterson, Mills, & Haas, 2009;Yang, S. J., Byers, Holsopple, Argauer, & Fava, 2008;Yen et al, 2010). The notable exception is Tadda and Salerno's (2010) Situation Awareness Reference Model.…”

Section: Cyber Defence Analysis and Cyber-samentioning

confidence: 99%

A human-in-the-loop approach to understanding situation awareness in cyber defence analysis

Tyworth¹,

Giacobe²,

Mancuso³

et al. 2013

ICST Transactions on Security and Safety

View full text Add to dashboard Cite

In this paper we argue for a human-in-the-loop approach to the study of situation awareness in computer defence analysis (CDA). The cognitive phenomenon of situation awareness (SA) has received significant attention in cybersecurity/CDA research. Yet little of this work has attended to the cognitive aspects of situation awareness in the CDA context; instead, the human operator has been treated as an abstraction within the larger human-technology system. A more human-centric approach that seeks to understand the socio-cognitive work of human operators as they perform CDA will yield greater insights into the design of tools and interfaces for CDA. As support for this argument, we present our own work employing the Living Lab Framework through which we ground our experimental findings in contextual knowledge of real-world practice.

show abstract

Section: Cyber Defence Analysis and Cyber-samentioning

confidence: 99%

A human-in-the-loop approach to understanding situation awareness in cyber defence analysis

Tyworth¹,

Giacobe²,

Mancuso³

et al. 2013

ICST Transactions on Security and Safety

View full text Add to dashboard Cite

show abstract

“…What cyber-SA is exactly, however, remains unclear. Some scholars have argued that cyber-SA is a unique form of situation awareness because of the unique characteristics of the operating environment: a rapid rate of environmental change, an overwhelming volume of information, and the lack of physical world constraints 34,35 . Others have described cyber-SA in terms of what the human operator should be aware of.…”

Section: Cyber Situation Awareness (Cyber-sa)mentioning

confidence: 99%

Cyber situation awareness as distributed socio-cognitive work

2012

View full text Add to dashboard Cite

A key challenge for human cybersecurity operators is to develop an understanding of what is happening within, and to, their network. This understanding, or situation awareness, provides the cognitive basis for human operators to take action within their environments. Yet developing situation awareness of cyberspace (cyber-SA) is understood to be extremely difficult given the scope of the operating environment, the highly dynamic nature of the environment and the absence of physical constraints that serve to bound the cognitive task 23 . As a result, human cybersecurity operators are often "flying blind" regarding understanding the source, nature, and likely impact of malicious activity on their networked assets. In recent years, many scholars have dedicated their attention to finding ways to improve cyber-SA in human operators. In this paper we present our findings from our ongoing research of how cybersecurity analysts develop and maintain cyber-SA. Drawing from over twenty interviews of analysts working in the military, government, industrial, and educational domains, we find that cyber-SA to be distributed across human operators and technological artifacts operating in different functional areas.

show abstract

“…Belief combination schemes can be employed to assist in fusing SME opinions. In addition, intent may be estimated in its worst-case sense [19]. Specifically, if little or no prior knowledge is known about the specific adversary, e.g., insurgents in unknown territory or random hackers from the Internet, one might assume the intended targets to be the most critical asset or information with respect to one or more missions.…”

Section: Intent/goalsmentioning

confidence: 99%

Issues and challenges in higher level fusion: Threat/impact assessment and intent modeling (a panel summary)

Salerno

Yang

Kadar

et al. 2010

2010 13th International Conference on Information Fusion

View full text Add to dashboard Cite

-Many say that we live in the information age, but in reality if you ask any analyst today they would say we live in the data age. The amount of data being presented and displayed to the analyst is overwhelming ---to a point that in many cases they are missing the salient or key activities of interest. Analysts are spending the majority of their time filtering through the data rather than performing analysis. Over the past 10 years, there has been an increasing emphasis on research in higher level fusion or what many are calling situation awareness.In this paper, we describe a collection of research addressing the challenges of enabling situation awareness. We will review our reference model and provide a discussion of a flow through the model to include how we can rank various activities based on their impact and threat. We also provide a number of algorithms that have been implemented and then tested and evaluated using a set of performance metrics.

show abstract

Intrusion activity projection for cyber situational awareness

Cited by 19 publications

References 14 publications

A human-in-the-loop approach to understanding situation awareness in cyber defence analysis

A human-in-the-loop approach to understanding situation awareness in cyber defence analysis

Cyber situation awareness as distributed socio-cognitive work

Issues and challenges in higher level fusion: Threat/impact assessment and intent modeling (a panel summary)

Contact Info

Product

Resources

About