Cyber Situational Awareness (eBook)
XII, 252 pages
Springer US (publisher)
978-1-4419-0140-8 (ISBN)
Motivation for the Book

This book seeks to establish the state of the art in the cyber situational awareness area and to set the course for future research. A multidisciplinary group of leading researchers from the cyber security, cognitive science, and decision science areas elaborate on the fundamental challenges facing the research community and identify promising solution paths.

Today, when a security incident occurs, the top three questions security administrators would ask are in essence: What has happened? Why did it happen? What should I do? Answers to the first two questions form the core of Cyber Situational Awareness. Whether the last question can be satisfactorily answered is greatly dependent upon the cyber situational awareness capability of an enterprise.

A variety of computer and network security research topics (especially some systems security topics) belong to or touch the scope of Cyber Situational Awareness. However, the Cyber Situational Awareness capability of an enterprise is still very limited for several reasons:

* Inaccurate and incomplete vulnerability analysis, intrusion detection, and forensics.
* Lack of capability to monitor certain microscopic system/attack behavior.
* Limited capability to transform/fuse/distill information into cyber intelligence.
* Limited capability to handle uncertainty.
* Existing system designs are not very "friendly" to Cyber Situational Awareness.
Preface 6
Motivation for the Book 6
About the Book 7
Acknowledgements 7
Contents 8
Overview of Cyber Situational Awareness 14
Cyber SA: Situational Awareness for Cyber Defense 15
1.1 Scope of the Cyber SA Problem 15
1.2 Background 17
1.3 Research Goals 18
1.4 Research Agenda 19
1.5 Conclusion 25
Acknowledgements 26
References 26
Overview of Cyber Situation Awareness 27
2.1 What is Situation Awareness (SA)? 27
2.2 Situation Awareness Reference and Process Models 30
2.3 Visualization 38
2.4 Application to the Cyber Domain 39
2.5 Measures of Performance and Effectiveness 40
2.6 Conclusion 46
References 46
The Reasoning and Decision Making Aspects 48
RPD-based Hypothesis Reasoning for Cyber Situation Awareness 49
3.1 Introduction 49
3.2 Naturalistic Decision Making as a Holistic Model for Cyber SA 51
3.3 RPD-based Hypothesis Generation and Reasoning for Cyber SA 52
3.4 Hypergraph-based Hypothesis Reasoning 55
3.5 Market-based Evidence Gathering 57
3.6 Summary 58
References 59
Uncertainty and Risk Management in Cyber Situational Awareness 60
4.1 Reasoning about Uncertainty is a Necessity 60
4.2 Two Approaches to Handling Dynamic Uncertainty 61
4.3 From Attack Graphs to Bayesian Networks 62
4.4 An Empirical Approach to Developing a Logic for Uncertainty in Situation Awareness 66
4.5 Static Uncertainty and Risk Management 72
4.6 Conclusion 74
References 74
Macroscopic Cyber Situational Awareness 78
Employing Honeynets For Network Situational Awareness 79
5.1 Introduction 80
5.2 Background 81
5.3 Classifying Honeynet Activity 82
5.4 Experiences With Activity Classification 84
5.5 Situational Awareness In-depth 85
5.6 Towards Automated Classification 92
5.7 Assessing Botnet Scanning Patterns 93
5.8 Extrapolating Global Properties 95
5.9 Evaluation of Automated Classification 100
5.10 Summary 109
References 109
Assessing Cybercrime Through the Eyes of the WOMBAT 111
6.1 Foreword 111
6.2 Introduction 112
6.3 Leurre.com v1.0 Honeyd 112
6.4 Leurre.com v2.0: SGNET 120
6.5 Analysis of Attack Events 125
6.6 Multi-Dimensional Analysis of Attack Events 131
6.7 Beyond Events Correlation: Exploring the epsilon- gamma- pi- mu space 137
6.8 Conclusions 141
References 142
Enterprise Cyber Situational Awareness 145
Topological Vulnerability Analysis 146
7.1 Introduction 146
7.2 System Architecture 147
7.3 Illustrative Example 149
7.4 Network Attack Modeling 152
7.5 Analysis and Visualization 154
7.6 Scalability 156
7.7 Related Work 159
7.8 Summary 159
Acknowledgements 160
References 160
Cross-Layer Damage Assessment for Cyber Situational Awareness 162
8.1 Introduction 162
8.2 PEDA: An Architecture For Fine-Grained Damage Assessment In A Production Environment 168
8.3 VM-Based Cross-Layer Damage Assessment: An Overview 170
8.4 Design And Implementation 172
8.5 Preliminary Evaluation 178
8.6 Related Work 180
8.7 Limitations 181
8.8 Conclusion 181
References 181
Microscopic Cyber Situational Awareness 184
A Declarative Framework for Intrusion Analysis 185
9.1 Introduction 185
9.2 A Survey of Related Work 186
9.3 Overview and Case Study 193
9.4 Intrusion Analysis Framework 195
9.5 The SLog Declarative Programming Language 198
9.6 Functional Evaluation 201
9.7 Conclusion 202
Acknowledgments 203
References 203
Automated Software Vulnerability Analysis 207
10.1 Introduction 207
10.2 Common Ground 209
10.3 MemSherlock: An Automated Debugger for Unknown Memory Corruption Vulnerabilities 209
10.4 CBones: Security Debugging Using Program Structural Constraints 217
10.5 Comparison 224
10.6 Conclusion 225
References 225
The Machine Learning Aspect 230
Machine Learning Methods for High Level Cyber Situation Awareness 231
11.1 Introduction 231
11.2 The TaskTracer System 232
11.3 Machine Learning for Project Associations 236
11.4 Discovering User Workflows 244
11.5 Discussion 249
11.6 Concluding Remarks 250
Acknowledgements 250
References 250
Author Index 252
| Field | Value |
|---|---|
| Publication date (per publisher) | 3.10.2009 |
| Series | Advances in Information Security |
| Additional info | XII, 252 p. 20 illus. |
| Place of publication | New York |
| Language | English |
| Subject area | Computer Science ► Networks ► Security / Firewall; Business ► Business Administration / Management ► Business Informatics |
| Keywords | Cyber Situational Awareness • Forensics • Information Fusion • Internet • Intrusion Back-tracking • learning • Network Telescopes • RPD-Inspired • security • threat analysis • Topological Vulnerability |
| ISBN-10 | 1-4419-0140-X / 144190140X |
| ISBN-13 | 978-1-4419-0140-8 / 9781441901408 |
Size: 9.1 MB
DRM: digital watermark
This eBook contains a digital watermark and is therefore personalized to you. If the eBook is improperly passed on to third parties, it can be traced back to its source.
File format: PDF (Portable Document Format)