Cyber Situational Awareness, 1st edition, by Sushil Jajodia, Peng Liu, Vipin Swarup. ISBN: 144190140X, 9781441901408
Product details:
ISBN-10 : 144190140X
ISBN-13 : 9781441901408
Author : Sushil Jajodia, Peng Liu, Vipin Swarup
Motivation for the Book
This book seeks to establish the state of the art in the cyber situational awareness area and to set the course for future research. A multidisciplinary group of leading researchers from cyber security, cognitive science, and decision science areas elaborate on the fundamental challenges facing the research community and identify promising solution paths.
Today, when a security incident occurs, the top three questions security administrators would ask are in essence: What has happened? Why did it happen? What should I do? Answers to the first two questions form the core of Cyber Situational Awareness. Whether the last question can be satisfactorily answered is greatly dependent upon the cyber situational awareness capability of an enterprise.
A variety of computer and network security research topics (especially some systems security topics) belong to or touch the scope of Cyber Situational Awareness. However, the Cyber Situational Awareness capability of an enterprise is still very limited for several reasons:
• Inaccurate and incomplete vulnerability analysis, intrusion detection, and forensics.
• Lack of capability to monitor certain microscopic system/attack behavior.
• Limited capability to transform/fuse/distill information into cyber intelligence.
• Limited capability to handle uncertainty.
• Existing system designs are not very “friendly” to Cyber Situational Awareness.
Cyber Situational Awareness, 1st edition: Table of contents
Part I Overview of Cyber Situational Awareness
Cyber SA: Situational Awareness for Cyber Defense
P. Barford, M. Dacier, T. G. Dietterich, M. Fredrikson, J. Giffin, S. Jajodia, S. Jha, J. Li, P. Liu,
Scope of the Cyber SA Problem
Background
Research Goals
Research Agenda
Principles and Rationales
A Collection of Viewpoints on the Research Agenda
Conclusion
References
Overview of Cyber Situation Awareness
George P. Tadda and John S. Salerno
What is Situation Awareness (SA)?
Situation Awareness Reference and Process Models
Situation Awareness Reference Model
Situation Awareness Process Model
Visualization
Application to the Cyber Domain
Measures of Performance and Effectiveness
Confidence
Purity
Cost Utility
Timeliness
Measures of Effectiveness
Conclusion
References
Part II The Reasoning and Decision Making Aspects
RPD-based Hypothesis Reasoning for Cyber Situation Awareness
John Yen, Michael McNeese, Tracy Mullen, David Hall, Xiaocong Fan, and Peng Liu
Introduction
Naturalistic Decision Making as a Holistic Model for Cyber SA
Decision and Hypotheses
The Recognition-Primed Decision (RPD) Model
RPD-based Hypothesis Generation and Reasoning for Cyber SA
Recognition-based Hypothesis Generation
Hypothesis-driven Story Building
Collaborative RPD-based Hypothesis Generation and Reasoning
Hypergraph-based Hypothesis Reasoning
Modeling Events as Network Entities
Hypergraph-based Network Analysis Techniques
Market-based Evidence Gathering
Summary
References
Uncertainty and Risk Management in Cyber Situational Awareness
Jason Li, Xinming Ou, and Raj Rajagopalan
Reasoning about Uncertainty is a Necessity
Two Approaches to Handling Dynamic Uncertainty
The logical approach
The statistical approach
From Attack Graphs to Bayesian Networks
A case study
Desired properties of Bayesian Networks in Intrusion Analysis
Building BNs from attack graphs
An Empirical Approach to Developing a Logic for Uncertainty in Situation Awareness
A case study
Encoding the case study in logic
Comparison with previous approaches
Static Uncertainty and Risk Management
CVSS metrics
Combining CVSS and Attack Graphs
Conclusion
References
Part III Macroscopic Cyber Situational Awareness
Employing Honeynets For Network Situational Awareness
P. Barford, Y. Chen, A. Goyal, Z. Li, V. Paxson, and V. Yegneswaran
Introduction
Background
Classifying Honeynet Activity
Experiences With Activity Classification
Situational Awareness In-depth
Source Arrivals
Destination/Source Net Coverage
Source Macro-analysis
Towards Automated Classification
Assessing Botnet Scanning Patterns
Monotonic Trend Checking
Checking for Liveness-Aware Scanning
Uniformity Checking
Dependency Checking
Extrapolating Global Properties
Assumptions and Requirements
Estimating Global Population
Exploiting IPID/Port Continuity
Extrapolating from Interarrival Times
Evaluation of Automated Classification
Basic Characteristics of Botnet Events
Event Correlation
Property-Checking Results
Extrapolation Evaluation & Validation
Summary
References
Assessing Cybercrime Through the Eyes of the WOMBAT
Marc Dacier, Corrado Leita, Olivier Thonnard, Van-Hau Pham, and Engin Kirda
Foreword
Introduction
Leurre.com v1.0 Honeyd
Historical background
Some technical aspects
Generic picture
Some illustrative examples
Leurre.com v2.0: SGNET
Increasing the level of interaction
ScriptGen
SGNET: a ScriptGen-based honeypot deployment
Analysis of Attack Events
Identification of Attack Events
Armies of Zombies
Impact of Observation View Point
Multi-Dimensional Analysis of Attack Events
Methodology
Clique-based Clustering
Combining Cliques of Attackers
Beyond Events Correlation: Exploring the epsilon-gamma-pi-mu space
Degrees of freedom
Interesting cases
Conclusions
References
Part IV Enterprise Cyber Situational Awareness
Topological Vulnerability Analysis
Sushil Jajodia and Steven Noel
Introduction
System Architecture
Illustrative Example
Network Attack Modeling
Analysis and Visualization
Scalability
Related Work
Summary
References
Cross-Layer Damage Assessment for Cyber Situational Awareness
Peng Liu, Xiaoqi Jia, Shengzhi Zhang, Xi Xiong, Yoon-Chan Jhi, Kun Bai, and Jason Li
INTRODUCTION
A Multi-Level Damage Assessment Framework
Existing Damage Assessment Techniques
Focus of This Work: Damage Assessment Cross Instruction Level and OS Level
PEDA: An Architecture For Fine-Grained Damage Assessment In A Production Environment
VM-Based Cross-Layer Damage Assessment: An Overview
System Model
Problem Statement
Overview of Our Approach
Design And Implementation
Cross-Layer Damage Assessment when the Guest Kernel is Not Compromised
Cross-Layer Damage Assessment when the Guest Kernel is Compromised
“What-if” Damage Assessment
Preliminary Evaluation
Compromised Process Damage Assessment Experiment
Malicious Kernel Module Experiment
RELATED WORK
LIMITATIONS
Conclusion
References
Part V Microscopic Cyber Situational Awareness
A Declarative Framework for Intrusion Analysis
Matt Fredrikson, Mihai Christodorescu, Jonathon Giffin, and Somesh Jha
Introduction
A Survey of Related Work
Forensic Analysis of Intrusions
Recovery From and Remediation of Intrusions
Intrusion Detection
Security Analysis
Event Collection and Processing Infrastructure
Common Characteristics of Existing Techniques
Overview and Case Study
Intrusion Scenario
System Auditing
Intrusion Analysis Framework
Information Extraction and Normalization
Event Correlation and Dependence Analysis
Simplification and Refinement
The SLog Declarative Programming Language
Language Constructs and Syntax
Semantics
Functional Evaluation
Collected Data
Usage and Results
Conclusion
References
Automated Software Vulnerability Analysis
Emre C. Sezer, Chongkyung Kil, and Peng Ning
Introduction
Common Ground
MemSherlock: An Automated Debugger for Unknown Memory Corruption Vulnerabilities
Generating Write Sets
Debugging Vulnerabilities
Automated Debugging Using MemSherlock
CBones: Security Debugging Using Program Structural Constraints
Program Structural Constraints
Security Debugging through Constraints Verification
Extracting Constraints
Runtime Monitoring
Security Debugging Using CBones
Comparison
Conclusion
References
Part VI The Machine Learning Aspect
Machine Learning Methods for High Level Cyber Situation Awareness
Thomas G. Dietterich, Xinlong Bao, Victoria Keiser, and Jianqiang Shen
Introduction
The TaskTracer System
Tracking the User’s Current Project
Assisting the User
Instrumentation
Machine Learning for Project Associations
The Email Tagger
Project Switch Detector
The Folder Predictor
Discovering User Workflows
Building the Information Flow Graph
Mining the Information Flow Graph
Recognizing Workflows
Experimental Evaluation
Discussion
Concluding Remarks
References