Modeling the Security Analyst in a Cyber-Attack Scenario
نویسنده
چکیده
In a corporate network, the situation awareness (SA) of a security analyst is of particular interest. The current work describes a cognitive Instance-Based Learning (IBL) model of an analyst’s recognition and comprehension processes in a cyber-attack scenario. The IBL model first recognizes network events based upon events’ situation attributes and their similarity to past experiences (instances) stored in the model’s memory. Then, the model comprehends a sequence of observed events as being a cyber-attack or not, based upon instances retrieved from its memory, similarity mechanism used, and the model’s risk-tolerance. The execution of the model generates predictions about the recognition and comprehension processes of an analyst in a cyber-attack. A security analyst’s decisions in the model are evaluated based upon two cyber-SA metrics of accuracy and timeliness. The chapter highlights the potential of this research for design of training and decision support tools for security analysts.
منابع مشابه
Cyber Situation Awareness: Modeling the Security Analyst in a Cyber-Attack Scenario through Instance-Based Learning
In a corporate network, the situation awareness (SA) of a security analyst is of particular interest. A security analyst is in charge of observing the online operations of a corporate network (e.g., an online retail company with an external webserver and an internal fileserver) from threats of random or organized cyber-attacks. The current work describes a cognitive Instance-based Learning (IBL...
متن کاملCyber-Attack Detection: Modelling the Effects of Similarity and Scenarios
Cyber attacks, the disruption of normal functioning of computers in a network due to malicious events (threats), are becoming widespread. The role of security analysts, who are tasked with protecting networks by accurately and timely detecting cyber attacks, is becoming important. However, currently little is known on how certain cognitive and environmental factors might influence the analyst’s...
متن کاملCyber Threats Foresight Against Iran Based on Attack Vector
Cyber threats have been extraordinary increased in recent years. Cyber attackers, including government agencies or hackers, have made significant advances in the use of various tools for attacking target systems in some countries particularly on Islamic republic of Iran. The complexity of cyber threats and the devastating effects of them on critical systems highlights necessity of cyber thr...
متن کاملAn Effective Attack-Resilient Kalman Filter-Based Approach for Dynamic State Estimation of Synchronous Machine
Kalman filtering has been widely considered for dynamic state estimation in smart grids. Despite its unique merits, the Kalman Filter (KF)-based dynamic state estimation can be undesirably influenced by cyber adversarial attacks that can potentially be launched against the communication links in the Cyber-Physical System (CPS). To enhance the security of KF-based state estimation, in this paper...
متن کاملModeling Multistep Cyber Attacks for Scenario Recognition
Efforts toward automated detection and identification of multistep cyber attack scenarios would benefit significantly from a methodology and language for modeling such scenarios. The Correlated Attack Modeling Language (CAML) uses a modular approach, where a module represents an inference step and modules can be linked together to detect multistep scenarios. CAML is accompanied by a library of ...
متن کامل