Machine Learning Methods for High Level Cyber Situation Awareness

Dietterich, Thomas G.; Bao, Xinlong; Keiser, Victoria; Shen, Jianqiang

doi:10.1007/978-1-4419-0140-8_11

Cited by 9 publications

(5 citation statements)

References 8 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…e weight analysis method is the most commonly used evaluation method, and its evaluation function is usually an exponential expression, which is determined by the situation factor and its importance weight [50]. e authors of [15] adopted a bottom-up, partial first, and overall strategy to establish a hierarchical network security threat situation quantitative assessment model.…”

Section: Weight Analysis Methodmentioning

confidence: 99%

See 1 more Smart Citation

Proliferation of Cyber Situational Awareness: Today’s Truly Pervasive Drive of Cybersecurity

Nazir

Han

2022

Security and Communication Networks

View full text Add to dashboard Cite

Situation awareness (SA) issues necessitate a comprehension of present activities, the ability to forecast, what will happen next, and strategies to assess the threat or impact of current internet activities and projections. These SA procedures are universal, domain-independent and can be used to detect cyber intrusions. This study introduces cyber situation awareness (CSA), its origin, conception, aim, and characteristics based on an analysis of function shortages and development requirements. Furthermore, we discussed the CSA research framework and examined the research history, which is the essential aspect, and assessed the present issues of the research as well. The assessment approaches were divided into three methods: mathematics model, knowledge reasoning, and pattern recognition. The study then goes into detail regarding the core idea, assessment procedure, strengths, and weaknesses of novel approaches, and then, it addresses CSA from three perspectives: model, knowledge representation, and assessment methods. Many common approaches are contrasted, and current CSA application research in the realms of security, transmission, survivability, and system evaluation is discussed. Finally, this study summarized the findings of the present from technical and application systems, outlined CSA’s future development directions, and provided adversary activities and information that can be used to improve an organization’s SA operations.

show abstract

Section: Weight Analysis Methodmentioning

confidence: 99%

“…e key is to obtain the importance weight of the situation factor. It is the most prominent advantage, i.e., the result of level-1 fusion is directly used as the parameter of the situation assessment function, which narrows the distance between the data fusion levels [50].…”

Section: Weight Analysis Methodmentioning

confidence: 99%

Proliferation of Cyber Situational Awareness: Today’s Truly Pervasive Drive of Cybersecurity

Nazir

Han

2022

Security and Communication Networks

View full text Add to dashboard Cite

show abstract

“…They employed deep learning approach to correlate malicious activities obtained from the DNS protocol usage. Dietterich et al [38] used machine learning methods to capture the behavior of ordinary desktop computer users.…”

Section: B Using Artificial Intelligencementioning

confidence: 99%

A Survey on Threat Situation Awareness Systems: Framework, Techniques, and Insights

Alavizadeh¹,

Jang-Jaccard²,

Enoch³

et al. 2021

Preprint

View full text Add to dashboard Cite

Cyberspace is full of uncertainty in terms of advanced and sophisticated cyber threats which are equipped with novel approaches to learn the system and propagate themselves, such as AI-powered threats. To debilitate these types of threats, a modern and intelligent Cyber Situation Awareness (SA) system need to be developed which has the ability of monitoring and capturing various types of threats, analyzing and devising a plan to avoid further attacks. This paper provides a comprehensive study on the current state-of-the-art in the cyber SA to discuss the following aspects of SA: key design principles, framework, classifications, data collection, and analysis of the techniques, and evaluation methods. Lastly, we highlight misconceptions, insights and limitations of this study and suggest some future work directions to address the limitations.

show abstract

“…The TaskTracer system (Dietterich et al, 2010;Shen et al, 2007) was developed to support multi-tasking and interruption recovery for desktop users. The system tries to infer the user's current working project using desktop events (e.g., ''Open Document'', ''New Folder'') in combination with machine learning algorithms.…”

Section: State Of the Artmentioning

confidence: 99%

“…Intelligent notification systems need to identify task boundaries in order to lower the cost of interrupting users (Bailey and Iqbal, 2008). Efficient task monitoring is also required to provide intelligent assistance and resources (Dietterich et al, 2010;Horvitz et al, 1998).…”

Section: Introductionmentioning

confidence: 99%

Activity recognition using eye-gaze movements and traditional interactions

Courtemanche

Aïmeur

Dufresne

et al. 2011

Interacting with Computers

View full text Add to dashboard Cite

a b s t r a c tThe need for intelligent HCI has been reinforced by the increasing numbers of human-centered applications in our daily life. However, in order to respond adequately, intelligent applications must first interpret users' actions. Identifying the context in which users' interactions occur is an important step toward automatic interpretation of behavior. In order to address a part of this context-sensing problem, we propose a generic and application-independent framework for activity recognition of users interacting with a computer interface. Our approach uses Layered Hidden Markov Models (LHMM) and is based on eye-gaze movements along with keyboard and mouse interactions. The main contribution of the proposed framework is the ability to relate users' interactions to a task model in variant applications and for different monitoring purposes. Experimental results from two user studies show that our activity recognition technique is able to achieve good predictive accuracy with a relatively small amount of training data.

show abstract

Machine Learning Methods for High Level Cyber Situation Awareness

Cited by 9 publications

References 8 publications

Proliferation of Cyber Situational Awareness: Today’s Truly Pervasive Drive of Cybersecurity

Proliferation of Cyber Situational Awareness: Today’s Truly Pervasive Drive of Cybersecurity

A Survey on Threat Situation Awareness Systems: Framework, Techniques, and Insights

Activity recognition using eye-gaze movements and traditional interactions

Contact Info

Product

Resources

About