Motivation for the Book This book seeks to establish the state of the art in the cyber situational awareness area and to set the course for future research. A multidisciplinary group of leading researchers from cyber security, cognitive science, and decision science areas elab orate on the fundamental challenges facing the research community and identify promising solution paths. Today, when a security incident occurs, the top three questions security admin istrators would ask are in essence: What has happened? Why did it happen? What should I do? Answers to the ?rst two questions form the core of Cyber Situational Awareness. Whether the last question can be satisfactorily answered is greatly de pendent upon the cyber situational awareness capability of an enterprise. A variety of computer and network security research topics (especially some sys tems security topics) belong to or touch the scope of Cyber Situational Awareness. However, the Cyber Situational Awareness capability of an enterprise is still very limited for several reasons: • Inaccurate and incomplete vulnerability analysis, intrusion detection, and foren sics. • Lack of capability to monitor certain microscopic system/attack behavior. • Limited capability to transform/fuse/distill information into cyber intelligence. • Limited capability to handle uncertainty. • Existing system designs are not very “friendly” to Cyber Situational Awareness.
Inhaltsverzeichnis
I Overview of Cyber Situational Awareness.- Cyber SA: Situational Awareness for Cyber Defense.- Overview of Cyber Situation Awareness.- II The Reasoning and Decision Making Aspects.- RPD-based Hypothesis Reasoning for Cyber Situation Awareness.- Uncertainty and Risk Management in Cyber Situational Awareness.- III Macroscopic Cyber Situational Awareness.- Employing Honeynets For Network Situational Awareness.- Assessing Cybercrime Through the Eyes of the WOMBAT.- IV Enterprise Cyber Situational Awareness.- Topological Vulnerability Analysis.- Cross-Layer Damage Assessment for Cyber Situational Awareness.- V Microscopic Cyber Situational Awareness.- A Declarative Framework for Intrusion Analysis.- Automated Software Vulnerability Analysis.- VI The Machine Learning Aspect.- Machine Learning Methods for High Level Cyber Situation Awareness.