Title :
Enabling cyber situation awareness, impact assessment, and situation projection
Author :
Lewis, Lundy ; Jakobson, Gabriel ; Buford, John
Author_Institution :
Altusys Corp., Princeton, NJ
Abstract :
In the paper we focus on (i) an assessment of impact on missions or business processes resulting from cyber attacks and (ii) the subsequent projection of further possible attacks and corresponding impact assessments. A reference model for impact assessment and situation projection (IASP) is provided, based on which we propose a constraint satisfaction (CS) algorithmic approach for performing IASP. The nodes of a constraint network contain variables with accompanying certainty factors characterizing aspects of missions, services, IT assets, network connections, known vulnerabilities, safeguards, cyber alerts, attack categories, and partial models of complex stepping-stone or island-hopping attacks. Given constraints among these variables, e.g. mission X depends on services Y and Z, the CS algorithm calculates IASP with a degree of certainty. We demonstrate the approach on a dataset containing audit trails, IDS alerts, and TCP traffic.
Keywords :
constraint theory; security of data; business processes; constraint satisfaction algorithmic approach; cyber alerts; cyber attacks; cyber situation awareness; impact assessment; situation projection; Algorithm design and analysis; Bayesian methods; Business communication; Computer security; Expert systems; Inspection; Intrusion detection; Prototypes; Traffic control; Tree data structures;
Conference_Title :
Military Communications Conference, 2008. MILCOM 2008. IEEE
Conference_Location :
San Diego, CA
Print_ISBN :
978-1-4244-2676-8
Electronic_ISBN :
978-1-4244-2677-5
DOI :
10.1109/MILCOM.2008.4753521