In a corporate network, the situation awareness (SA) of a security analyst is of particular interest. The current work describes a cognitive Instance-Based Learning (IBL) model of an analyst’s recognition and comprehension processes in a cyber-attack scenario. The IBL model first recognizes network events based upon events’ situation attributes and their similarity to past experiences (instance...

We investigate two attacks on the PRINCE block cipher in the most realistic scenario, when the attacker only has a minimal amount of known plaintext available. The first attack is called Accelerated Exhaustive Search, and is able to recover the key for up to the full 12-round PRINCE with a complexity slightly lower than the security claim given by the designers. The second attack is a meet-in-t...

Attackers tend to use complex techniques such as combining multi-step, multi-stage attack with anti-forensic tools to make it difficult to find incriminating evidence and reconstruct attack scenarios that can stand up to the expected level of evidence admissibility in a court of law. As a solution, we propose to integrate the legal aspects of evidence correlation into a Prolog based reasoner to...

With growing dependence upon interconnected networks, defending these networks against intrusions is becoming increasingly important. In the case of attacks that are composed of multiple steps, detecting the entire attack scenario is of vital importance. In this paper, we propose an analysis framework that is able to detect these scenarios with little predefined information. The core of the sys...

Motivation – Validate a System Dynamics model of decision speed for a scenario relevant to an Air Force mission task. Research approach – Extend a decision priming basic research paradigm to a more applied case. Findings/Design – Decision priming was found to occur with more complex stimuli relevant to an air-to-ground target identification scenario. A system dynamics model was developed to pre...

This chapter describes how to use attack graphs to evaluate the security vulnerabilities of an embedded computer network and provides example cases of this technique. Attack graphs are powerful tools available to system administrators to identify and manage vulnerabilities. Attack graphs describe the steps an adversary could take to reach a desired goal and can be analyzed to quantify risk. The...

Cognitive radio (CR) technology has been suggested for effective use of spectral resources. Spectrum sensing is one of the main operations of CR users to identify the vacant frequency bands. Cooperative spectrum sensing (CSS) is used to increase the performance of CR networks by providing spatial diversity. The accuracy of spectrum sensing is the most important challenge in the CSS process sinc...

We present an approach and system for real-time reconstruction of attack scenarios on an enterprise host. To meet the scalability and real-time needs of the problem, we develop a platform-neutral, main-memory based, dependency graph abstraction of audit-log data. We then present efficient, tag-based techniques for attack detection and reconstruction, including source identification and impact a...

Data aggregation of data from multiple sensor nodes done at the aggregating node is usually accomplished by simple methods such as averaging. However such aggregation is known to be highly vulnerable to node compromising attacks in WSN are usually unattended and without tamper resistant hardware, they are highly susceptible to such attacks. Thus, ascertaining trustworthiness of data and reputat...