Cyber Situational Awareness using Intelligent Information Fusion Engine (IIFE)

Year 2015, Volume: 36 Issue: 3, 3218 - 3229, 13.05.2015

Mostafa Heidarpour , Ali J. Rashidi Kourosh D. Ahmadi

Abstract

Abstract. Situational awareness (SA) represents a knowledge state which is obtained from existing information, and plays an important role in decision making process. Considering the importance of making the best decisions in the shortest time, improving situational awareness, to aim a better perception and comprehension from existing situation, has been a basic topic in recent researches in a variety of domains. In cyber domain, because of its complexity and large amount of data which gathered from different sensors, we need a well suited model for situational awareness to denote all aspects of this domain. In this paper, a new model of situational awareness is proposed which uses intelligent information fusion engine (IIFE) as a main element of situational awareness system. The proposed model is capable of managing large amounts of data and represents a higher abstract level of information. It can also drive knowledge acquisition and evaluates the current situation based on acquired knowledge. 

Keywords

Situational Awareness, Cyber Defense, Intelligent Fusion Engine, Information Fusion

References

• Adams, M. J., Tenney, Y. J., & Pew, R. W. (1995). Situation awareness and the cognitive management of complex systems. Human Factors: The Journal of the Human Factors and Ergonomics Society, 37(1), 85-104.
• Barford, P., Dacier, M., Dietterich, T. G., Fredrikson, M., Giffin, J., Jajodia, S. ... & Yen, J. (2010). Cyber SA: Situational awareness for cyber defense. In Cyber Situational Awareness (pp. 3-13). Springer US.
• BERINGER, D., & HANCOCK, P. (1989). Exploring situational awareness- A review and the effects of stress on rectilinear normalization ((aircraft pilot performance)). In International Symposium on Aviation Psychology, 5th, Columbus, OH (pp. 646-651).
• Ditzel, M., van den Broek, S., Hanckmann, P., & van Iersel, M. (2011). DAFNE–a distributed and adaptive fusion engine. In Hybrid Artificial Intelligent Systems (pp. 100- 109). Springer Berlin Heidelberg.
• Elshoush, H. T., & Osman, I. M. (2011). Alert correlation in collaborative intelligent intrusion detection systems—A survey. Applied Soft Computing, 11(7), 4349-4365.
• Endsley, M. R. (1995). Toward a theory of situation awareness in dynamic systems. Human Factors: The Journal of the Human Factors and Ergonomics Society, 37(1), 32- 64.
• Franke, U., & Brynielsson, J. (2014). Cyber situational awareness–A systematic review of the literature. Computers & Security, 46, 18-31.
• Friedberg, I., Skopik, F., & Fiedler, R. (2015). Cyber situational awareness through network anomaly detection: state of the art and new approaches. E&I Elektrotechnik und Informationstechnik, 132(2), 101-105.
• Gundersen, O. E. (2013). Situational awareness in context. In Modeling and Using Context (pp. 274-287). Springer Berlin Heidelberg.
• Khaitan, S., & Raheja, S. (2011). Finding optimal attack path using attack graphs: a survey. International Journal of Soft Computing and Engineering, 1(3), 2231-2307.
• Kott, A., Wang, C., & Erbacher, R. (2014). Cyber Defense and Situational Awareness. Springer.
• Lipson, H. F. (2002). Tracking and tracing cyber-attacks: Technical challenges and global policy PITTSBURGH PA SOFTWARE ENGINEERING INST.
• CMU/SEI-2002-SR-009).
• CARNEGIE-MELLON UNIV
• Liu, J., Feng, X. W., Li, J., & Wang, D. X. (2013). Cyber Security Situation Awareness
• Based on Data Mining. Advanced Materials Research, 756, 4336-4342.
• McGuinness, B., & Foy, L. (2000, October). A subjective measure of SA: the Crew
• Awareness Rating Scale (CARS). In Proceedings of the first human performance, situation awareness, and automation conference, Savannah, Georgia.
• Mirheidari, S. A., Arshad, S., & Jalili, R. (2013). Alert Correlation Algorithms: A Survey and Taxonomy. In Cyberspace Safety and Security (pp. 183-197). Springer International Publishing. [16] ORCA Development http://orca.ornl.gov/Fusion_Engine.html. Team. (2011). ORCA Fusion Engine,
• Saab group. (2012, January). Track data fusion engine adaptable to your demands, Security and Defense Solutions, Sweden. http://saab.com/air/air-c4i-solutions/data- information-fusion/Track-Data-Fusion-Engine.
• Salerno, J. (2008, June). Measuring situation assessment performance through the activities of interest score. In Information Fusion, 2008 11th International Conference on (pp. 1-8). IEEE.
• Sarter, N. B., & Woods, D. D. (1991). Situation awareness: A critical but ill-defined phenomenon. The International Journal of Aviation Psychology, 1(1), 45-57.
• Stotz, A., & Sudit, M. (2007, July). Information fusion engine for real-time decision- making (INFERD): A perceptual system for cyber-attack tracking. In Information Fusion, 2007 10th International Conference on (pp. 1-8). IEEE.
• Tadda, G. P., & Salerno, J. S. (2010). Overview of cyber situation awareness. In Cyber situational awareness (pp. 15-35). Springer US.
• Yu, W., Xu, G., Chen, Z., & Moulema, P. (2013, October). A cloud computing based
• architecture for cyber security situation awareness. In Communications and Network Security (CNS), 2013 IEEE Conference on (pp. 488-492). IEEE.