Biblio

Filters: Keyword is cyber situational awareness  [Clear All Filters]
2019-03-28
Stavrou, E..  2018.  Enhancing Cyber Situational Awareness: A New Perspective of Password Auditing Tools. 2018 International Conference On Cyber Situational Awareness, Data Analytics And Assessment (Cyber SA). :1-4.

Password auditing can enhance the cyber situational awareness of defenders, e.g. cyber security/IT professionals, with regards to the strength of text-based authentication mechanisms utilized in an organization. Auditing results can proactively indicate if weak passwords exist in an organization, decreasing the risks of compromisation. Password cracking is a typical and time-consuming way to perform password auditing. Given that defenders perform password auditing within a specific evaluation timeframe, the cracking process needs to be optimized to yield useful results. Existing password cracking tools do not provide holistic features to optimize the process. Therefore, the need arises to build new password auditing toolkits to assist defenders to achieve their task in an effective and efficient way. Moreover, to maximize the benefits of password auditing, a security policy should be utilized. Currently the efforts focus on the specification of password security policies, providing rules on how to construct passwords. This work proposes the functionality that should be supported by next-generation password auditing toolkits and provides guidelines to drive the specification of a relevant password auditing policy.

Silva, F. R. L., Jacob, P..  2018.  Mission-Centric Risk Assessment to Improve Cyber Situational Awareness. Proceedings of the 13th International Conference on Availability, Reliability and Security. :56:1-56:8.

Cyber situational awareness has become increasingly important for proactive risk management to help detect and mitigate cyber attacks. Being aware of the importance of individual information system assets to the goal or mission of the organisation is critical to help minimise enterprise risk. However current risk assessment methodologies do not give explicit support to assess mission related asset criticality. This paper describes ongoing efforts within the H2020 PROTECTIVE project to define a practical mission-centric risk assessment methodology for use across diverse organisation types.

McDermott, C. D., Petrovski, A. V., Majdani, F..  2018.  Towards Situational Awareness of Botnet Activity in the Internet of Things. 2018 International Conference On Cyber Situational Awareness, Data Analytics And Assessment (Cyber SA). :1-8.
The following topics are dealt with: security of data; risk management; decision making; computer crime; invasive software; critical infrastructures; data privacy; insurance; Internet of Things; learning (artificial intelligence).
Llopis, S., Hingant, J., Pérez, I., Esteve, M., Carvajal, F., Mees, W., Debatty, T..  2018.  A Comparative Analysis of Visualisation Techniques to Achieve Cyber Situational Awareness in the Military. 2018 International Conference on Military Communications and Information Systems (ICMCIS). :1-7.
Starting from a common fictional scenario, simulated data sources and a set of measurements will feed two different visualization techniques with the aim to make a comparative analysis. Both visualization techniques described in this paper use the operational picture concept, deemed as the most appropriate tool for military commanders and their staff to achieve cyber situational awareness and to understand the cyber defence implications in operations. Cyber Common Operational Picture (CyCOP) is a tool developed by Universitat Politècnica de València in collaboration with the Spanish Ministry of Defence whose objective is to generate the Cyber Hybrid Situational Awareness (CyHSA). Royal Military Academy in Belgium developed a 3D Operational Picture able to display mission critical elements intuitively using a priori defined domain-knowledge. A comparative analysis will assist researchers in their way to progress solutions and implementation aspects.
2018-04-02
Doynikova, E., Kotenko, I..  2017.  CVSS-Based Probabilistic Risk Assessment for Cyber Situational Awareness and Countermeasure Selection. 2017 25th Euromicro International Conference on Parallel, Distributed and Network-Based Processing (PDP). :346–353.

The paper suggests several techniques for computer network risk assessment based on Common Vulnerability Scoring System (CVSS) and attack modeling. Techniques use a set of integrated security metrics and consider input data from security information and event management (SIEM) systems. Risk assessment techniques differ according to the used input data. They allow to get risk assessment considering requirements to the accuracy and efficiency. Input data includes network characteristics, attacks, attacker characteristics, security events and countermeasures. The tool that implements these techniques is presented. Experiments demonstrate operation of the techniques for different security situations.

2018-02-06
Park, H. K., Kim, M. S., Park, M., Lee, K..  2017.  Cyber Situational Awareness Enhancement with Regular Expressions and an Evaluation Methodology. MILCOM 2017 - 2017 IEEE Military Communications Conference (MILCOM). :406–411.

Cybersecurity is one of critical issues in modern military operations. In cyber operations, security professionals depend on various information and security systems to mitigate cyber threats through enhanced cyber situational awareness. Cyber situational awareness can give decision makers mission completeness and providing appropriate timely decision support for proactive response. The crucial information for cyber situational awareness can be collected at network boundaries through deep packet inspection with security systems. Regular expression is regarded as a practical method for deep packet inspection that is considering a next generation intrusion detection and prevention, however, it is not commonly used by the reason of its resource intensive characteristics. In this paper, we describe our effort and achievement on regular expression processing capability in real time and an evaluation method with experimental result.

Settanni, G., Shovgenya, Y., Skopik, F., Graf, R., Wurzenberger, M., Fiedler, R..  2017.  Acquiring Cyber Threat Intelligence through Security Information Correlation. 2017 3rd IEEE International Conference on Cybernetics (CYBCONF). :1–7.

Cyber Physical Systems (CPS) operating in modern critical infrastructures (CIs) are increasingly being targeted by highly sophisticated cyber attacks. Threat actors have quickly learned of the value and potential impact of targeting CPS, and numerous tailored multi-stage cyber-physical attack campaigns, such as Advanced Persistent Threats (APTs), have been perpetrated in the last years. They aim at stealthily compromising systems' operations and cause severe impact on daily business operations such as shutdowns, equipment damage, reputation damage, financial loss, intellectual property theft, and health and safety risks. Protecting CIs against such threats has become as crucial as complicated. Novel distributed detection and reaction methodologies are necessary to effectively uncover these attacks, and timely mitigate their effects. Correlating large amounts of data, collected from a multitude of relevant sources, is fundamental for Security Operation Centers (SOCs) to establish cyber situational awareness, and allow to promptly adopt suitable countermeasures in case of attacks. In our previous work we introduced three methods for security information correlation. In this paper we define metrics and benchmarks to evaluate these correlation methods, we assess their accuracy, and we compare their performance. We finally demonstrate how the presented techniques, implemented within our cyber threat intelligence analysis engine called CAESAIR, can be applied to support incident handling tasks performed by SOCs.

Guion, J., Reith, M..  2017.  Cyber Terrain Mission Mapping: Tools and Methodologies. 2017 International Conference on Cyber Conflict (CyCon U.S.). :105–111.

The Air Force is shifting its cybersecurity paradigm from an information technology (IT)-centric toward a mission oriented approach. Instead of focusing on how to defend its IT infrastructure, it seeks to provide mission assurance by defending mission relevant cyber terrain enabling mission execution in a contested environment. In order to actively defend a mission in cyberspace, efforts must be taken to understand and document that mission's dependence on cyberspace and cyber assets. This is known as cyber terrain mission mapping. This paper seeks to define mission mapping and overview methodologies. We also analyze current tools seeking to provide cyber situational awareness through mission mapping or cyber dependency impact analysis and identify existing shortfalls.

2017-11-27
Settanni, G., Shovgenya, Y., Skopik, F., Graf, R., Wurzenberger, M., Fiedler, R..  2016.  Correlating cyber incident information to establish situational awareness in Critical Infrastructures. 2016 14th Annual Conference on Privacy, Security and Trust (PST). :78–81.

Protecting Critical Infrastructures (CIs) against contemporary cyber attacks has become a crucial as well as complex task. Modern attack campaigns, such as Advanced Persistent Threats (APTs), leverage weaknesses in the organization's business processes and exploit vulnerabilities of several systems to hit their target. Although their life-cycle can last for months, these campaigns typically go undetected until they achieve their goal. They usually aim at performing data exfiltration, cause service disruptions and can also undermine the safety of humans. Novel detection techniques and incident handling approaches are therefore required, to effectively protect CI's networks and timely react to this type of threats. Correlating large amounts of data, collected from a multitude of relevant sources, is necessary and sometimes required by national authorities to establish cyber situational awareness, and allow to promptly adopt suitable countermeasures in case of an attack. In this paper we propose three novel methods for security information correlation designed to discover relevant insights and support the establishment of cyber situational awareness.

2017-03-07
Onwubiko, C..  2015.  Cyber security operations centre: Security monitoring for protecting business and supporting cyber defense strategy. 2015 International Conference on Cyber Situational Awareness, Data Analytics and Assessment (CyberSA). :1–10.

Cyber security operations centre (CSOC) is an essential business control aimed to protect ICT systems and support an organisation's Cyber Defense Strategy. Its overarching purpose is to ensure that incidents are identified and managed to resolution swiftly, and to maintain safe & secure business operations and services for the organisation. A CSOC framework is proposed comprising Log Collection, Analysis, Incident Response, Reporting, Personnel and Continuous Monitoring. Further, a Cyber Defense Strategy, supported by the CSOC framework, is discussed. Overlaid atop the strategy is the well-known Her Majesty's Government (HMG) Protective Monitoring Controls (PMCs). Finally, the difficulty and benefits of operating a CSOC are explained.

2015-05-05
Dressler, J., Bowen, C.L., Moody, W., Koepke, J..  2014.  Operational data classes for establishing situational awareness in cyberspace. Cyber Conflict (CyCon 2014), 2014 6th International Conference On. :175-186.

The United States, including the Department of Defense, relies heavily on information systems and networking technologies to efficiently conduct a wide variety of missions across the globe. With the ever-increasing rate of cyber attacks, this dependency places the nation at risk of a loss of confidentiality, integrity, and availability of its critical information resources; degrading its ability to complete the mission. In this paper, we introduce the operational data classes for establishing situational awareness in cyberspace. A system effectively using our key information components will be able to provide the nation's leadership timely and accurate information to gain an understanding of the operational cyber environment to enable strategic, operational, and tactical decision-making. In doing so, we present, define and provide examples of our key classes of operational data for cyber situational awareness and present a hypothetical case study demonstrating how they must be consolidated to provide a clear and relevant picture to a commander. In addition, current organizational and technical challenges are discussed, and areas for future research are addressed.
 

Sunny, S., Pavithran, V., Achuthan, K..  2014.  Synthesizing perception based on analysis of cyber attack environments. Advances in Computing, Communications and Informatics (ICACCI, 2014 International Conference on. :2027-2030.

Analysing cyber attack environments yield tremendous insight into adversory behavior, their strategy and capabilities. Designing cyber intensive games that promote offensive and defensive activities to capture or protect assets assist in the understanding of cyber situational awareness. There exists tangible metrics to characterizing games such as CTFs to resolve the intensity and aggression of a cyber attack. This paper synthesizes the characteristics of InCTF (India CTF) and provides an understanding of the types of vulnerabilities that have the potential to cause significant damage by trained hackers. The two metrics i.e. toxicity and effectiveness and its relation to the final performance of each team is detailed in this context.