Cyber situational awareness through network anomaly detection: state of the art and new approaches

With a major change in the attack landscape, away from well known attack vectors towards unique and highly tailored attacks, limitations of common ruleand signature-based security systems become more and more obvious. Novel security mechanisms can provide the means to extend existing solutions in order to provide a more sophisticated security approach. As critical infrastructures get increasingly accessible from public networks they show up on attackers' radars. As a consequence, establishing cyber situational awareness on a higher level through incident information sharing is vital for assessing the increased risk to national security in the cyber space. But legal obligations and economical considerations limit the motivation of companies to pursue information sharing initiatives. To support companies and governmental initiatives, novel security mechanisms should inherently address limiting factors. One novel approach, AECID, is presented that accounts for the limitations of many common intrusion and anomaly detection mechanisms; and which further provides the features to support privacy-aware information sharing for cyber situational awareness.