Research Challenges

Today's cyber situation awareness (C-SA) has two fundamental limitations:
- Existence of a huge gap between human cognition and C-SA algorithms (and tools): the amount of information contained in "raw" situation data collected by C-SA tools is several orders of magnitude greater than the "cognition throughput" of human analysts; critical links from data to decision are missing.
- Existence of big "blind spots": existing cyber SA tools and systems, including auditing, vulnerability scanners, attack graph tools, intrusion detection systems, damage assessment tools, and forensics tools, still have big "blind spots" in their "views" of the cyber situation of concern.
Research Thrusts

Cognition Automation
- Develop Cyber SA systems that exhibit intelligent behavior.
- Experience-based automatic situation recognition and projection.
- Intelligent agents assisting human analysts in gaining Cyber SA.
- Cyber SA "Cognition Throughput" evaluation.
- Discover the bottlenecks in team-based Cyber SA.

"Blind Spots" Monitoring
- Advanced system integrity monitoring.
- Decouple microscopic SA analysis from online servers via heterogeneous VM migration & replay.
- Automatic OS kernel code/data profiling.
- Automatic application behavior profiling.
- SA monitors on critical paths of information flows.

Situation Knowledge Fusion
- Scalable graph-based situation knowledge representation and management.
- Uncertainty management.

Visual Analytics
- Digital gaming based visual analytics.
- 3-D cave based visual analytics.