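% Book-chapter record, pp. 66--109 of a Lecture Notes in Computer Science volume (2017).
% The title is stored in Title Case so that a style can downcase it; a style
% cannot restore capitals that were lost on export.
% Author names use the unambiguous "Last, First" form.
%
% Review notes -- these fields are left exactly as exported; confirm each one
% against the DOI landing page before citing:
%   - booktitle repeats the series name verbatim. It should hold the title of
%     the volume that contains the chapter, which this record does not give.
%   - address holds a country, not the publisher's city.
%   - publisher reads "Springer Verlag", while the copyright note names
%     "Springer International Publishing AG".
%   - no series volume number is recorded.
%   - entry type: if the volume is an edited collection, incollection is the
%     better fit, since classic styles read the title of an inbook entry as
%     the book title and ignore booktitle.
@inbook{44788677102b4c19bc99cd33fc5e28f8,
  author    = {Sun, Xiaoyan and Dai, Jun and Singhal, Anoop and Liu, Peng},
  title     = {Enterprise-Level Cyber Situation Awareness},
  booktitle = {Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)},
  series    = {Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)},
  pages     = {66--109},
  publisher = {Springer Verlag},
  address   = {Germany},
  year      = {2017},
  doi       = {10.1007/978-3-319-61152-5_4},
  language  = {English (US)},
  note      = {Publisher Copyright: {\textcopyright} Springer International Publishing AG 2017.},
  abstract  = {This chapter begins with a literature review of situation awareness (SA) concepts, and a study on how to apply SA to the cyber field for enterprise-level network security diagnosis. With the finding that an isolation problem exists between the individual perspectives of different technologies, this chapter introduces a cyber SA model named SKRM, which is proposed to integrate the isolated perspectives into a framework. Based on one of the SKRM layers, called Operating System Layer, this chapter presents a runtime system named Patrol, that reveals zero-day attack paths in the enterprise-level networks. To overcome the limitation of Patrol and achieve better accuracy and efficiency, this chapter further illustrates the usage of Bayesian Networks at the low level of Operating System to reveal zero-day attack paths in a probabilistic way.},
}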