Gaining Big Picture Awareness through an Interconnected Cross-Layer Situation Knowledge Reference Model

Author

Jun Dai ; Xiaoyan Sun ; Peng Liu ; Giacobe, N.

Author_Institution

Coll. of Inf. Sci. & Technol., Pennsylvania State Univ., University Park, PA, USA

fYear

2012

fDate

14-16 Dec. 2012

Firstpage

83

Lastpage

92

Abstract

In both military operations and the commercial world, cyber situation awareness (SA) is a key element of mission assurance. Due to the needs for mission damage and impact assessment and asset identification (and prioritization), cyber SA is beyond intrusion detection and attack graph analysis. In this paper, we propose a cross-layer situation knowledge reference model (SKRM) to address the unique cyber SA needs of real-world missions. SKRM provides new insight on how to break the "stovepipes" created by isolated situation knowledge collectors and gain comprehensive level big picture awareness. Through a concrete case study, we show that SKRM is the key enabler for two SA capabilities beyond intrusion detection and aintrusionttack graph analysis. The potentials and the current limitations of SKRM and SKRM-enabled analysis are also discussed.

Keywords

security of data; SKRM; attack graph analysis; cross-layer situation knowledge reference model; cyber SA; cyber situation awareness; impact assessment; intrusion detection; mission assurance; mission damage; stovepipe problem; Cyber situation awareness; asset identification and prioritization; damage and impact assessment; mission-driven analytics;

fLanguage

English

Publisher

ieee

Conference_Titel

Cyber Security (CyberSecurity), 2012 International Conference on

Conference_Location

Washington, DC

Print_ISBN

978-1-4799-0219-4

Type

conf

DOI

10.1109/CyberSecurity.2012.18

Filename

6542530