TY - GEN
T1 - Experience-based cyber situation recognition using relaxable logic patterns
AU - Chen, Po Chun
AU - Liu, Peng
AU - Yen, John
AU - Mullen, Tracy
PY - 2012
Y1 - 2012
AB - Cyber situation awareness is an increasingly important issue as the world becomes more and more connected. Unfortunately, the amount of data produced by existing intrusion detection tools usually far exceeds the cognitive throughput of a human analyst. To reconcile this huge amount of information with the limited human cognitive capacity, we developed a systematic approach that leverages the experience of security analysts to enhance cyber situation recognition. We used a logic-based approach to efficiently capture and apply experts' experience, which can be categorized as a kind of knowledge-based intrusion detection. However, knowledge-based intrusion detection relies on a knowledge base built from cyber attack signatures, and building a comprehensive knowledge base that covers all variations of attacks is impractical in large-scale networks, since knowledge engineering is a time-consuming process. Therefore, how to effectively leverage a limited amount of human experience became the second focus of our research. In this paper, we present the logic-based approach within an experience-driven framework, followed by the concept of experience relaxation for mitigating the limitation of knowledge-based intrusion detection. Our experimental results show a significant improvement in knowledge base coverage when experience relaxation is applied.
UR - http://www.scopus.com/inward/record.url?scp=84861164856&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84861164856&partnerID=8YFLogxK
U2 - 10.1109/CogSIMA.2012.6188392
DO - 10.1109/CogSIMA.2012.6188392
M3 - Conference contribution
AN - SCOPUS:84861164856
SN - 9781467303453
T3 - 2012 IEEE International Multi-Disciplinary Conference on Cognitive Methods in Situation Awareness and Decision Support, CogSIMA 2012
SP - 243
EP - 250
BT - 2012 IEEE International Multi-Disciplinary Conference on Cognitive Methods in Situation Awareness and Decision Support, CogSIMA 2012
T2 - 2012 IEEE International Multi-Disciplinary Conference on Cognitive Methods in Situation Awareness and Decision Support, CogSIMA 2012
Y2 - 6 March 2012 through 8 March 2012
ER -