Modeling Cyber Situational Awareness Through Data Fusion
Abstract
Cyber attacks are compromising networks faster than administrators can respond. Network defenders are unable to become oriented with these attacks, determine the potential impacts, and assess the damages in a timely manner. Since the observations of network sensors are normally disjointed, analysis of the data is overwhelming and time is not spent efficiently. Automation in defending cyber networks requires a level of reasoning for adequate response. Current automated systems are mostly limited to scripted responses. Better defense tools are required. This research develops a framework that aggregates data from heterogeneous network sensors. The collected data is correlated into a single model that is easily interpreted by decision-making entities. This research proposes and tests an impact rating system that estimates the feasibility of an attack and its potential level of impact against the targeted network host as well the other hosts that reside on the network. The impact assessments would allow decision makers to prioritize attacks in real-time and attempt to mitigate the attacks in order of their estimated impact to the network. The ultimate goal of this system is to provide computer network defense tools the situational awareness required to make the right decisions to mitigate cyber attacks in real-time.
Document Details
- Document Type
- Technical Report
- Publication Date
- Mar 01, 2013
- Accession Number
- ADA576193
Entities
People
- Evan L. Raulerson
Organizations
- Air Force Institute of Technology