Cyber Situation Awareness through Instance-Based Learning: Modeling the Security Analyst in a Cyber-Attack Scenario

Abstract

In a corporate network, the situation awareness (SA) of a security analyst is of particular interest. The current work describes a cognitive Instance-Based Learning (IBL) model of an analyst's recognition and comprehension processes in a cyber-attack scenario. The IBL model first recognizes network events based upon the events' situation attributes and their similarity to past experiences (instances) stored in the model's memory. Then, the model comprehends a sequence of observed events as being a cyber-attack or not, based upon the instances retrieved from its memory, the similarity mechanism used, and the model's risk-tolerance. The execution of the model generates predictions about the recognition and comprehension processes of an analyst in a cyber-attack. A security analyst's decisions in the model are evaluated based upon two cyber-SA metrics of accuracy and timeliness. The chapter highlights the potential of this research for the design of training and decision support tools for security analysts.

Document Details

Document Type: Technical Report
Publication Date: Jan 01, 2012
Accession Number: ADA564936

Entities

People

  • Cleotilde Gonzalez
  • Varun Dutt

Organizations

  • Carnegie Mellon University

Tags

DTIC Thesaurus Topics

  • Accuracy
  • Cognition
  • Computer Network Security
  • Computer Networks
  • Computers
  • Cyberattacks
  • Cybersecurity
  • Department Of Homeland Security
  • Internet
  • Intrusion Detection
  • Intrusion Detection Systems
  • Intrusion Detectors
  • Network Architecture
  • Psychology
  • Security
  • Situational Awareness
  • Training

Fields of Study

  • Computer science

Readers

  • Computational Modeling and Simulation
  • Government and Public Administration Law
  • Neural Network Machine Learning

Technology Areas

  • Cyber