24 May 2012 Integrated situational awareness for cyber attack detection, analysis, and mitigation
Author Affiliations +
Abstract
Real-time cyberspace situational awareness is critical for securing and protecting today's enterprise networks from various cyber threats. When a security incident occurs, network administrators and security analysts need to know what exactly has happened in the network, why it happened, and what actions or countermeasures should be taken to quickly mitigate the potential impacts. In this paper, we propose an integrated cyberspace situational awareness system for efficient cyber attack detection, analysis and mitigation in large-scale enterprise networks. Essentially, a cyberspace common operational picture will be developed, which is a multi-layer graphical model and can efficiently capture and represent the statuses, relationships, and interdependencies of various entities and elements within and among different levels of a network. Once shared among authorized users, this cyberspace common operational picture can provide an integrated view of the logical, physical, and cyber domains, and a unique visualization of disparate data sets to support decision makers. In addition, advanced analyses, such as Bayesian Network analysis, will be explored to address the information uncertainty, dynamic and complex cyber attack detection, and optimal impact mitigation issues. All the developed technologies will be further integrated into an automatic software toolkit to achieve near real-time cyberspace situational awareness and impact mitigation in large-scale computer networks.
© (2012) COPYRIGHT Society of Photo-Optical Instrumentation Engineers (SPIE). Downloading of the abstract is permitted for personal use only.
Yi Cheng, Yi Cheng, Yalin Sagduyu, Yalin Sagduyu, Julia Deng, Julia Deng, Jason Li, Jason Li, Peng Liu, Peng Liu, "Integrated situational awareness for cyber attack detection, analysis, and mitigation", Proc. SPIE 8385, Sensors and Systems for Space Applications V, 83850N (24 May 2012); doi: 10.1117/12.919261; https://doi.org/10.1117/12.919261
PROCEEDINGS
11 PAGES


SHARE
RELATED CONTENT


Back to Top