TY - GEN
T1 - Gaining big picture awareness through an interconnected cross-layer situation knowledge reference model
AU - Dai, Jun
AU - Sun, Xiaoyan
AU - Liu, Peng
AU - Giacobe, Nicklaus
PY - 2012/1/1
Y1 - 2012/1/1
N2 - In both military operations and the commercial world, cyber situation awareness (SA) is a key element of mission assurance. Due to the needs for mission damage and impact assessment and asset identification (and prioritization), cyber SA is beyond intrusion detection and attack graph analysis. In this paper, we propose a cross-layer situation knowledge reference model (SKRM) to address the unique cyber SA needs of real-world missions. SKRM provides new insight on how to break the 'stovepipes' created by isolated situation knowledge collectors and gain comprehensive level big picture awareness. Through a concrete case study, we show that SKRM is the key enabler for two SA capabilities beyond intrusion detection and attack graph analysis. The potentials and the current limitations of SKRM and SKRM-enabled analysis are also discussed.
UR - http://www.scopus.com/inward/record.url?scp=84881065132&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84881065132&partnerID=8YFLogxK
U2 - 10.1109/CyberSecurity.2012.18
DO - 10.1109/CyberSecurity.2012.18
M3 - Conference contribution
SN - 9780769550145
T3 - Proceedings of the 2012 ASE International Conference on Cyber Security, CyberSecurity 2012
SP - 83
EP - 92
BT - Proceedings of the 2012 ASE International Conference on Cyber Security, CyberSecurity 2012
PB - IEEE Computer Society
T2 - 2012 ASE International Conference on Cyber Security, CyberSecurity 2012
Y2 - 14 December 2012 through 16 December 2012
ER -