A perceptually-relevant model-based cyber threat prediction method for enterprise mission assurance

Cyber attacks remain elusive and are increasingly effective. Information security professionals regularly monitor network resources and cyber security websites with an interest in understanding how such threats expose their enterprise´s vulnerabilities and dependencies. However, information must be persistently and purposefully examined from a multitude of resources in order to establish context and situational awareness. This in turn, enables organizations to perceive, anticipate and counteract threats before they occur and helps assure their ability to accomplish their missions. Global information must be transformed into timely and local actionable knowledge. To achieve this, cyber event data coupled with knowledge of the semantic interrelationships between other location, object, agent, and event entities need to be factored to facilitate a clearer understanding of the total cyber landscape. In this work, we introduce an ontology driven framework comprising of a dynamic knowledge base, a functional and self-updating mission model, and the associated information and complex event processing capabilities. We focus the description of the system on cyber mission information needs, whereby collection, processing, management and mission model updates are based on cyber-related information from a variety of resources including commercial news, blogs, wikis, and social media sources. The result is a dynamic capability for cyber mission management that provides proactive, on demand cyber information to analysts, professionals, policy makers, and support personnel.