Learn More
In this paper we are concerned with event-based situation analysis. Application areas include the understanding and awareness of complex unfolding scenarios such as homeland security threats and future battlespace engagements. The paper (i) discusses the differences between the environments/requirements for event-based management and situation management,(More)
When event correlation was first used in integrated management, in the early 1980s, several techniques devised by the artificial intelligence and database communities were applied to network element management for analyzing alarms sent by expensive, self-monitoring telephone switches. Today, it is used for detecting faults in wireless networks, for(More)
The paper proposes a conceptual framework and a method for assessing impact that cyber attacks might have to cyber assets, services, and missions. The paper describes the model of a cyber attack based on an extended conceptual graph. It introduces the notion of a cyber-terrain as a multilevel information structure containing assets and services, and their(More)
Previous work in automating insider threat detection has included top-down analysis and fusion of events from network and system monitors. Situation-awareness can extend the capability of such techniques to include observables outside of cyber-space. The application of situation-management to insider threats is becoming more practical due to the growing(More)