Cyber Situational Awareness: Issues and Research
Sushil Jajodia, Peng Liu, Vipin Swarup, Cliff Wang
Springer Science & Business Media, Oct 3, 2009 - Computers - 252 pages
Motivation for the Book
This book seeks to establish the state of the art in the cyber situational awareness area and to set the course for future research. A multidisciplinary group of leading researchers from the cyber security, cognitive science, and decision science areas elaborate on the fundamental challenges facing the research community and identify promising solution paths. Today, when a security incident occurs, the top three questions security administrators would ask are in essence: What has happened? Why did it happen? What should I do? Answers to the first two questions form the core of Cyber Situational Awareness. Whether the last question can be satisfactorily answered is greatly dependent upon the cyber situational awareness capability of an enterprise. A variety of computer and network security research topics (especially some systems security topics) belong to or touch the scope of Cyber Situational Awareness. However, the Cyber Situational Awareness capability of an enterprise is still very limited for several reasons:
• Inaccurate and incomplete vulnerability analysis, intrusion detection, and forensics.
• Lack of capability to monitor certain microscopic system/attack behavior.
• Limited capability to transform/fuse/distill information into cyber intelligence.
• Limited capability to handle uncertainty.
• Existing system designs are not very “friendly” to Cyber Situational Awareness.
Part II The Reasoning and Decision Making Aspects
Part III Macroscopic Cyber Situational Awareness
Part IV Enterprise Cyber Situational Awareness
Part V Microscopic Cyber Situational Awareness
Part VI The Machine Learning Aspect