Presentation is loading. Please wait.

Presentation is loading. Please wait.

ARO-MURI on Cyber-Situation Awareness Review Meeting Phoenix AZ, 2013

Published byRandell Flowers Modified over 8 years ago

Similar presentations

Presentation on theme: "ARO-MURI on Cyber-Situation Awareness Review Meeting Phoenix AZ, 2013"— Presentation transcript:

1 ARO-MURI on Cyber-Situation Awareness Review Meeting Phoenix AZ, 2013
Cyber Situation Awareness from a Cyber Security Perspective Sushil Jajodia, Massimiliano Albanese George Mason University Peng Liu Pennsylvania State University Doug Reeves, Peng Ning, Christopher Healey North Carolina State University V. S. Subrahmanian University of Maryland ARO-MURI on Cyber-Situation Awareness Review Meeting Phoenix AZ, 2013

2 Sample Scenario: Enterprise Network
Current situation. Is there any ongoing attack? If yes, where is the attacker? Impact. How is the attack impacting the enterprise or mission? Can we assess the damage? Evolution. How is the situation evolving? Can we track all the steps of an attack? Behavior. How are the attackers expected to behave? What are their strategies? Internet Web Server (A) Mobile App Server (C) Catalog Server (E) Order Processing Server (F) DB Server (G) Local DB Server (D) Local DB Server (B) Forensics. How did the attacker create the current situation? What was he trying to achieve? Information. What information sources can we rely upon? Can we assess their quality? Prediction. Can we predict plausible futures of the current situation? Scalability. How can we ensure that solutions scale well for large networks? ARO-MURI on Cyber-Situation Awareness Review Meeting

3 Desired CSA Capabilities
Aspects of cyber situational awareness that need to be addressed in order to answers all the previous questions Be aware of current situation Identification of past and ongoing attacks Be aware of the impact of the attack Damage assessment Be aware of how situations evolve Real-time tracking of attacks Be aware of adversary behavior Integration of knowledge of the attacker’s behavior into the attack model Be aware of why and how the current situation is caused Forensics Be aware of quality of information Information sources, data integration, quality measures Assess plausible futures of the current situations Predict possible future and recommend corrective actions ARO-MURI on Cyber-Situation Awareness Review Meeting

4 System Architecture fd fs hA hC hE hF hG hD hB
vD  vE  vF vB vC {(3,10),0.7} {(1,9),0.3} {(1,3),0.8} {(2,7),0.2} {(1,8),1} {(1,7),1} {(3,7),1} {(1,3),1} 0.8 1 0.7 vA vE vC vF vG vD hA,fs 8 hE, fs 7 hC, fs hF, fs hG hD, fd 5 hB, fd hS, fs 10 hT, fs vB Vulnerability Databases NVD OSVD CVE fd fs hA hC hE hF hG hD hB Online Shopping Mobile Order Tracking Scenario Analysis & Visualization Network Hardening Unexplained Activities Model Adversarial modeling Heavy Iron Analyst Order Processing Server (F) Mobile App Server (C) DB Server (G) Local DB Server (D) 0.7 0.3 1 No information about the impact on missions of different courses of actions Topological Vulnerability Analysis Index & Data Structures Graph Processing and Indexing Cauldron Switchwall Stochastic Attack Models Situation Knowledge Reference Model f_s: all the entities need to be fully operat f_r: at least one of the entities it depends on is fully operational. f_d: average Across-graph edge = the percentage reduction in the performance of an entity caused by an exploit Monitored Network Dependency Analysis NSDMiner Generalized Dependency Graphs Alerts/Sensory Data ARO-MURI on Cyber-Situation Awareness Review Meeting

5 System Architecture – Cyber Security Perspective

Download ppt "ARO-MURI on Cyber-Situation Awareness Review Meeting Phoenix AZ, 2013"

Similar presentations

SISTEMA DIÉDRICO Rectas del plano. Rectas en Plano Oblícuo PV PH PV h v h v HsHs VsVs s HsHs VsVs s2s2 s1s1 Recta oblícua.

SISTEMA DIÉDRICO Rectas del plano. Rectas en Plano Oblícuo PV PH PV h v h v HsHs VsVs s HsHs VsVs s2s2 s1s1 Recta oblícua.
Cyber-Security: Some Thoughts

Cyber-Security: Some Thoughts
Current impacts of cloud migration on broadband network operations and businesses David Sterling Partner, i 3 m 3 Solutions.

Current impacts of cloud migration on broadband network operations and businesses David Sterling Partner, i 3 m 3 Solutions.
Beyond Reactive Management of Network Intrusions Professor Sushil Jajodia Professor Sushil Jajodia Center for Secure Information Systems

Beyond Reactive Management of Network Intrusions Professor Sushil Jajodia Professor Sushil Jajodia Center for Secure Information Systems
Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch

Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch
OPM Cybersecurity Competencies by Occupation (Technical Competencies) 2210085508540391 Information Technology Management Series Electronics Engineering.

OPM Cybersecurity Competencies by Occupation (Technical Competencies) Information Technology Management Series Electronics Engineering.
Distance Education Team 2 Security Architectures and Analysis.

Distance Education Team 2 Security Architectures and Analysis.
Defence Research and Development Canada Recherche et développement pour la défense Canada Canada Social Cyber Networks Joanne Treurniet 18 October 2005.

Defence Research and Development Canada Recherche et développement pour la défense Canada Canada Social Cyber Networks Joanne Treurniet 18 October 2005.
National Institute of Standards and Technology Computer Security Division Information Technology Laboratory Threat Information Sharing; Perspectives, Strategies,

National Institute of Standards and Technology Computer Security Division Information Technology Laboratory Threat Information Sharing; Perspectives, Strategies,
Securing Enterprise Applications Rich Cole. Agenda Sample Enterprise Architecture Sample Enterprise Architecture Example of how University Apps uses Defense.

Securing Enterprise Applications Rich Cole. Agenda Sample Enterprise Architecture Sample Enterprise Architecture Example of how University Apps uses Defense.
OU INFORMATION SECURITY & RISK MANAGEMENT ISA – February 4, 2015.

OU INFORMATION SECURITY & RISK MANAGEMENT ISA – February 4, 2015.
What Causes Software Vulnerabilities? _____________________ ___________ ____________ _______________   flaws in developers own code   flaws resulting.

What Causes Software Vulnerabilities? _____________________ ___________ ____________ _______________   flaws in developers own code   flaws resulting.
Join Our Research Efforts in CCAA to Improve Cybersecurity Robustness, Resiliency and Management in Enterprises Information Slides to Encourage Your Organization.

Join Our Research Efforts in CCAA to Improve Cybersecurity Robustness, Resiliency and Management in Enterprises Information Slides to Encourage Your Organization.
Probabilistic Inference Lecture 4 – Part 2 M. Pawan Kumar Slides available online

Probabilistic Inference Lecture 4 – Part 2 M. Pawan Kumar Slides available online
E m p o w e r i n g i n n o v a t i o n s. “OCEAN TECHNOSYS” is founded with a goal to provide the highest level of professional services thru our expertise.

E m p o w e r i n g i n n o v a t i o n s. “OCEAN TECHNOSYS” is founded with a goal to provide the highest level of professional services thru our expertise.
Topological Vulnerability Analysis

Topological Vulnerability Analysis
CMGT400 Intro to Information Assurance and Security (University of Phoenix) Lecture, Week 4 Tom Olzak, MBA, CISSP.

CMGT400 Intro to Information Assurance and Security (University of Phoenix) Lecture, Week 4 Tom Olzak, MBA, CISSP.
Visual 3. 1 Lesson 3 Risk Assessment and Risk Mitigation.

Visual 3. 1 Lesson 3 Risk Assessment and Risk Mitigation.
A Mission-Centric Framework for Cyber Situational Awareness Metrics, Lifecycle of Situational Awareness, and Impact of Automated Tools on Analyst Performance.

A Mission-Centric Framework for Cyber Situational Awareness Metrics, Lifecycle of Situational Awareness, and Impact of Automated Tools on Analyst Performance.
SQL Server 2014: The Data Platform for the Cloud.

SQL Server 2014: The Data Platform for the Cloud.

Similar presentations

Ads by Google