A collaborative approach to situational awareness for cybersecurity

@article{Mathews2012ACA,
  title={A collaborative approach to situational awareness for cybersecurity},
  author={M. Lisa Mathews and Paul Halvorsen and Anupam Joshi and Timothy W. Finin},
  journal={8th International Conference on Collaborative Computing: Networking, Applications and Worksharing (CollaborateCom)},
  year={2012},
  pages={216-222}
}
  • M. Mathews, Paul Halvorsen, Timothy W. Finin
  • Published 14 October 2012
  • Computer Science
  • 8th International Conference on Collaborative Computing: Networking, Applications and Worksharing (CollaborateCom)
Traditional intrusion detection and prevention systems have well known limitations that decrease their utility against many kinds of attacks. Creating a new system that collaboratively combines information from traditional and nontraditional sensors to produce new, relevant signatures is one way to deal with these limitations. In this paper, we present a framework that uses this collaborative approach, as well as the details for a network traffic based classifier that shows promise for… 

Detecting Botnets using a Collaborative Situational-aware IDPS
TLDR
A semantic approach to intrusion detection that uses a variety of sensors collaboratively leads to a more robust, situational-aware IDPS that is better equipped to detect complicated attacks such as botnets.
Early Warning Systems for Cyber Defence
TLDR
This paper discusses such challenges, presents the reader with compelling motivation, and provides a carefully deployed empirical analysis using a real-world attack scenario and a real network traffic capture.
Towards a Machine Learning Based Situational Awareness Framework for Cybersecurity: An SDN Implementation
TLDR
A machine learning based situational awareness framework that detects existing and newly introduced network-enabled entities, utilizing the real-time awareness feature provided by the SDN paradigm, assesses them against known vulnerabilities, and assigns them to a connectivity-appropriate network slice.
Detecting data exfiltration by integrating information across layers
TLDR
This work describes a framework to detect potential exfiltration events that actively monitors a set of key parameters covering the entire stack, from hardware to the application layer, to ensure accurate alerts with fewer false positives and to make designing a successful attack more difficult.
CyberTwitter: Using Twitter to generate alerts for cybersecurity threats and vulnerabilities
TLDR
CyberTwitter, a system to discover and analyze cybersecurity intelligence on Twitter and serve as an OSINT (open-source intelligence) source, is described; it uses the Semantic Web RDF to represent the gathered intelligence and SWRL rules to reason over the extracted intelligence and issue alerts for security analysts.
Processing Tweets for Cybersecurity Threat Awareness
Supporting Situationally Aware Cybersecurity Systems (30 September 2015)
TLDR
This report describes the Unified Cyber Security ontology (UCO), the first cyber security ontology that has been mapped to general world ontologies to support broader and diverse security use-cases and compares the resulting ontology with previous efforts, its strengths and limitations, and potential future work directions.
Information Requirements for National Level Cyber Situational Awareness
TLDR
The main focus of this paper is to examine the information elements that need to be collected and included in a common operational picture in order for stakeholders to acquire cyber situational awareness.
Cyber-Physical Topology Language: Definition, Operations, and Application
  • C. Cheh, G. Weaver, W. Sanders
  • Computer Science
  • 2015 IEEE 21st Pacific Rim International Symposium on Dependable Computing (PRDC)
  • 2015
TLDR
This paper formally defines the Cyber-Physical Topology Language (CPTL) as well as operations on CPTL models that can be used to infer a system's security state and provides experimental results that illustrate the practicality of the approach.
MCF-CSA: A Multi-level Collaboration Framework for Cyber Situation Awareness and Information Sharing
TLDR
MCF-CSA is proposed: a multi-level collaboration framework for cyber situation awareness and an information sharing model for the broader class of national cyber defense, which leverages data collaboration to achieve cybersecurity data convergence, integration and sharing on demand among key industries, enterprises and research institutions.

References

A Knowledge-Based Approach to Intrusion Detection Modeling
TLDR
This work presents a situation-aware intrusion detection model that integrates these heterogeneous data sources and builds a semantically rich knowledge base to detect cyber threats and vulnerabilities.
Intrusion Detection: Modeling System State to Detect and Classify Aberrant Behavior
TLDR
This work presents a dual-phase host-based intrusion detection process, using the DARPA Agent Markup Language + Ontology Inference Layer to specify the data model as an ontology and the Java Theorem Prover to reason over and classify instance data that was deemed anomalous in the first phase of the process.
On Inferring Application Protocol Behaviors in Encrypted Network Traffic
TLDR
This paper presents what it believes to be the first exploratory look at protocol identification in encrypted tunnels that carry traffic from many TCP connections simultaneously, using only post-encryption observable features, and investigates the extent to which common application protocols can be identified using only the features that remain intact after encryption.
Extracting Information about Security Vulnerabilities from Web Text
TLDR
The results suggest that the initial work on developing a framework to detect and extract information about vulnerabilities and attacks from Web text can be useful in monitoring streams of text from social media or chat rooms to identify potential new attacks and vulnerabilities or to collect data on the spread and volume of existing ones.
Modeling Computer Attacks: An Ontology for Intrusion Detection
TLDR
In this research, low-level kernel attributes at the process, system and network levels are the focus, serving as the taxonomic characteristics in an ontology.
Using DAML+OIL to classify intrusive behaviours
TLDR
An ontology specifying a model of computer attack is produced, based upon an analysis of over 4000 classes of computer intrusions and their corresponding attack strategies, and categorised according to the system component targeted, the means of attack, the consequence of attack and the location of the attacker.
Bayesian Neural Networks for Internet Traffic Classification
TLDR
A traffic classifier that can achieve a high accuracy across a range of application types without any source or destination host-address or port information is presented, using supervised machine learning based on a Bayesian trained neural network.
Inferring users' online activities through traffic analysis
TLDR
This paper implements a hierarchical classification system based on machine learning algorithms to discover what a user is doing on his/her computer and shows that it can distinguish different online applications with an accuracy of about 80% in 5 seconds, and over 90% accuracy if the eavesdropping lasts for 1 minute.
Accurate Classification of the Internet Traffic Based on the SVM Method
TLDR
This paper uses the SVM (support vector machine) method to train on 7 classes of applications with different characteristics, captured from a campus network backbone, and develops a discriminator selection algorithm to obtain the best combination of features for classification.
Resource Description Framework
TLDR
A novel variant of RDF(S), called RDFS-FA, is introduced, which provides a solid semantic foundation for many of the latest Description Logic-based SW ontology languages, such as OWL-DL and OWL2-DL.