Cyber Situational Awareness and Response (CSAR)

Abstract

The Cyber Situational Awareness and Response (CSAR) program will develop technologies to enable awareness and understanding of the cyber environment as required for decision making for defensive and/or responsive actions. This includes attack detection, characterization, and assessment; attacker identification; and information/system provenance. Cyber situational awareness is made increasingly difficult by attackers' efforts to elude detection. Approaches to cyber situational awareness will include techniques to exploit data derived from events on hosts and networks that may be quite subtle when examined in isolation but more apparent when correlated in time and space across an enterprise. CSAR will also create new graphical interfaces and Web 2.0 mashups that enable intuitive visualization of anomalous events on hosts and networks suggestive of cyber attack. Toward this end, CSAR will develop, apply, and assess pattern detection and analysis and machine learning techniques to create a real-time network forensics capability that can serve as the basis for rapid response capabilities, including network reconstitution. Because metrics in this area are difficult to obtain, CSAR will extend operationally meaningful measures such as mean-time-to-detect and false-alarm rate to estimate the efficacy of schemes proposed to detect important classes of attacks.

Document Details

Document Type: Accomplishment
Publication Date: Oct 01, 2012
Source ID: bf98303a21efc2efb05d181fa38cb73a

Tags

Fields of Study

  • Computer science

Readers

  • Aerospace Engineering
  • Cybersecurity
  • Systems Analysis and Design

Technology Areas

  • AI & ML
  • AI & ML - DoD AI Strategy
  • Cyber
  • Space
  • Space - Space Objects
