The mind's new science: a history of the cognitive revolution
The mind's new science: a history of the cognitive revolution
Toward a secure system engineering methodolgy
Proceedings of the 1998 workshop on New security paradigms
Assessing and Managing Security Risk in IT Systems: A Structured Methodology
Assessing and Managing Security Risk in IT Systems: A Structured Methodology
A scalable approach to attack graph generation
Proceedings of the 13th ACM conference on Computer and communications security
Cyber Situational Awareness: Issues and Research
Cyber Situational Awareness: Issues and Research
| Hi-index | 0.00 |
In a corporate network, the situation awareness (SA) of a security analyst is of particular interest. A security analyst is in charge of observing the online operations of a corporate network (e.g., an online retail company with an external webserver and an internal fileserver) from threats of random or organized cyber-attacks. The current work describes a cognitive Instance-based Learning (IBL) model of the recognition and comprehension processes of a security analyst in a simple cyber-attack scenario. The IBL model first recognizes cyber-events (e.g., execution of a file on a server) in the network based upon events' situation attributes and the similarity of events' attributes to past experiences (instances) stored in analyst's memory. Then, the model reasons about a sequence of observed events being a cyber-attack or not, based upon instances retrieved from memory and the risk-tolerance of a simulated analyst. The execution of the IBL model generates predictions of the recognition and comprehension processes of security analyst in a cyber-attack. An analyst's decisions are evaluated in the model based upon two cyber SA metrics of accuracy and timeliness of analyst's decision actions. Future work in this area will focus on collecting human data to validate the predictions made by the model.