Cyber Situational Awareness (eBook)

Issues and Research
eBook Download: PDF
2009 | 2010
XII, 252 pages
Springer US (publisher)
978-1-4419-0140-8 (ISBN)

Motivation for the Book

This book seeks to establish the state of the art in the cyber situational awareness area and to set the course for future research. A multidisciplinary group of leading researchers from cyber security, cognitive science, and decision science areas elaborate on the fundamental challenges facing the research community and identify promising solution paths. Today, when a security incident occurs, the top three questions security administrators would ask are in essence: What has happened? Why did it happen? What should I do? Answers to the first two questions form the core of Cyber Situational Awareness. Whether the last question can be satisfactorily answered is greatly dependent upon the cyber situational awareness capability of an enterprise. A variety of computer and network security research topics (especially some systems security topics) belong to or touch the scope of Cyber Situational Awareness. However, the Cyber Situational Awareness capability of an enterprise is still very limited for several reasons:
  • Inaccurate and incomplete vulnerability analysis, intrusion detection, and forensics.
  • Lack of capability to monitor certain microscopic system/attack behavior.
  • Limited capability to transform/fuse/distill information into cyber intelligence.
  • Limited capability to handle uncertainty.
  • Existing system designs are not very 'friendly' to Cyber Situational Awareness.

Preface 6
Motivation for the Book 6
About the Book 7
Acknowledgements 7
Contents 8
Overview of Cyber Situational Awareness 14
Cyber SA: Situational Awareness for Cyber Defense 15
1.1 Scope of the Cyber SA Problem 15
1.2 Background 17
1.3 Research Goals 18
1.4 Research Agenda 19
1.5 Conclusion 25
Acknowledgements 26
References 26
Overview of Cyber Situation Awareness 27
2.1 What is Situation Awareness (SA)? 27
2.2 Situation Awareness Reference and Process Models 30
2.3 Visualization 38
2.4 Application to the Cyber Domain 39
2.5 Measures of Performance and Effectiveness 40
2.6 Conclusion 46
References 46
The Reasoning and Decision Making Aspects 48
RPD-based Hypothesis Reasoning for Cyber Situation Awareness 49
3.1 Introduction 49
3.2 Naturalistic Decision Making as a Holistic Model for Cyber SA 51
3.3 RPD-based Hypothesis Generation and Reasoning for Cyber SA 52
3.4 Hypergraph-based Hypothesis Reasoning 55
3.5 Market-based Evidence Gathering 57
3.6 Summary 58
References 59
Uncertainty and Risk Management in Cyber Situational Awareness 60
4.1 Reasoning about Uncertainty is a Necessity 60
4.2 Two Approaches to Handling Dynamic Uncertainty 61
4.3 From Attack Graphs to Bayesian Networks 62
4.4 An Empirical Approach to Developing a Logic for Uncertainty in Situation Awareness 66
4.5 Static Uncertainty and Risk Management 72
4.6 Conclusion 74
References 74
Macroscopic Cyber Situational Awareness 78
Employing Honeynets For Network Situational Awareness 79
5.1 Introduction 80
5.2 Background 81
5.3 Classifying Honeynet Activity 82
5.4 Experiences With Activity Classification 84
5.5 Situational Awareness In-depth 85
5.6 Towards Automated Classification 92
5.7 Assessing Botnet Scanning Patterns 93
5.8 Extrapolating Global Properties 95
5.9 Evaluation of Automated Classification 100
5.10 Summary 109
References 109
Assessing Cybercrime Through the Eyes of the WOMBAT 111
6.1 Foreword 111
6.2 Introduction 112
6.3 Leurre.com v1.0 Honeyd 112
6.4 Leurre.com v2.0: SGNET 120
6.5 Analysis of Attack Events 125
6.6 Multi-Dimensional Analysis of Attack Events 131
6.7 Beyond Events Correlation: Exploring the epsilon- gamma- pi- mu space 137
6.8 Conclusions 141
References 142
Enterprise Cyber Situational Awareness 145
Topological Vulnerability Analysis 146
7.1 Introduction 146
7.2 System Architecture 147
7.3 Illustrative Example 149
7.4 Network Attack Modeling 152
7.5 Analysis and Visualization 154
7.6 Scalability 156
7.7 Related Work 159
7.8 Summary 159
Acknowledgements 160
References 160
Cross-Layer Damage Assessment for Cyber Situational Awareness 162
8.1 Introduction 162
8.2 PEDA: An Architecture For Fine-Grained Damage Assessment In A Production Environment 168
8.3 VM-Based Cross-Layer Damage Assessment: An Overview 170
8.4 Design And Implementation 172
8.5 Preliminary Evaluation 178
8.6 Related Work 180
8.7 Limitations 181
8.8 Conclusion 181
References 181
Microscopic Cyber Situational Awareness 184
A Declarative Framework for Intrusion Analysis 185
9.1 Introduction 185
9.2 A Survey of Related Work 186
9.3 Overview and Case Study 193
9.4 Intrusion Analysis Framework 195
9.5 The SLog Declarative Programming Language 198
9.6 Functional Evaluation 201
9.7 Conclusion 202
Acknowledgments 203
References 203
Automated Software Vulnerability Analysis 207
10.1 Introduction 207
10.2 Common Ground 209
10.3 MemSherlock: An Automated Debugger for Unknown Memory Corruption Vulnerabilities 209
10.4 CBones: Security Debugging Using Program Structural Constraints 217
10.5 Comparison 224
10.6 Conclusion 225
References 225
The Machine Learning Aspect 230
Machine Learning Methods for High Level Cyber Situation Awareness 231
11.1 Introduction 231
11.2 The TaskTracer System 232
11.3 Machine Learning for Project Associations 236
11.4 Discovering User Workflows 244
11.5 Discussion 249
11.6 Concluding Remarks 250
Acknowledgements 250
References 250
Author Index 252

Published (per publisher) 3.10.2009
Series Advances in Information Security
Additional info XII, 252 p. 20 illus.
Place of publication New York
Language English
Subject area Computer science, Networks, Security / Firewall
Economics, Business administration / Management, Business informatics
Keywords currentjm • Cyber Situational Awareness • Forensics • Information Fusion • Internet • Intrusion Back-tracking • learning • Network Telescopes • RPD-Inspired • security • threat analysis • Topological Vulnerability
ISBN-10 1-4419-0140-X / 144190140X
ISBN-13 978-1-4419-0140-8 / 9781441901408
PDF (watermarked)
Size: 9.1 MB

DRM: Digital watermark
This eBook contains a digital watermark and is therefore personalised to you. If the eBook is passed on to third parties without authorisation, it can be traced back to its source.

File format: PDF (Portable Document Format)
With its fixed page layout, PDF is particularly suited to technical books with columns, tables and figures. A PDF can be displayed on almost all devices, but is only of limited use on small displays (smartphone, eReader).

System requirements:
PC/Mac: You can read this eBook on a PC or Mac. You need a PDF viewer for this, e.g. Adobe Reader or Adobe Digital Editions.
eReader: This eBook can be read on (almost) all eBook readers. It is, however, not compatible with the Amazon Kindle.
Smartphone/Tablet: Whether Apple or Android, you can read this eBook. You need a PDF viewer for this, e.g. the free Adobe Digital Editions app.

Buying eBooks from abroad
For tax law reasons we can only sell eBooks within Germany and Switzerland. Regrettably, we cannot fulfil eBook orders from other countries.
