Gaps and Opportunities in Situational Awareness for Cybersecurity

Gutzwiller, Robert S.; Dykstra, Josiah; Payne, Bryan D.

doi:10.1145/3384471

Cited by 30 publications

(13 citation statements)

References 27 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…These examples from the past two years illustrate the issues of evaluation of expert systems in cybersecurity caused by many specifics of this particular field of application. Evaluation of such and similar tools before 2020 was nearly non‐existent, as noted by Gutzwiller et al 72 …”

Section: Discussionmentioning

confidence: 99%

“…A testbed could be set up to create a benchmark for the evaluation of the system in a controlled environment. However, field trials and more interactions with potential users shall give more insights than formal evaluation or performance analysis 70‐72 . We plan to extend the number of modeled missions and circle of their stakeholders to collect feedback on the decision support system and its features.…”

Section: Discussionmentioning

confidence: 99%

See 1 more Smart Citation

Mission‐centric decision support in cybersecurity via Bayesian Privilege Attack Graph

Javorník

Husák

2022

Engineering Reports

View full text Add to dashboard Cite

We present an approach to decision support in cybersecurity with respect to cyber threats and stakeholders' requirements. We approach situations in which cybersecurity experts need to take actions to mitigate the risks, such as temporarily putting an IT system out of operation, but need to consult them with other stakeholders. We propose a decision support system that uses a mission decomposition model representing the organization's functional and security requirements on its IT infrastructure. Based on the cybersecurity state assessment, that is, discovery of vulnerabilities and attacker's position, the decision support system calculates the resilience metrics for each IT infrastructure's configuration, that is, how likely are they to not be disrupted. The calculation is enabled by two novel formal models, Privilege-Exploit Attack Graph and Bayesian Privilege Attack Graph, which reduce complex attack graphs into a comprehensible bipartite graph. Moreover, they illustrate the impact of exploiting the vulnerabilities and attackers gaining the privileges. The system recommends the most resilient mission configurations that are comprehensible to both cybersecurity experts and non-technical stakeholders, who may then choose which configuration to apply. Our approach is illustrated in a case study of a real-world medical information system.

show abstract

Section: Discussionmentioning

confidence: 99%

Section: Discussionmentioning

confidence: 99%

Mission‐centric decision support in cybersecurity via Bayesian Privilege Attack Graph

Javorník

Husák

2022

Engineering Reports

View full text Add to dashboard Cite

show abstract

“…The mean value sequence is subtracted from the original sequence to obtain a new sequence 1 1 () ht with low frequency removed:…”

Section: Empirical Mode Decompositionmentioning

confidence: 99%

“…Various network security threats and complex network attacks mean to make it difficult for traditional anti-virus software, firewalls, and other protective means to take the initiative to defend. To cope with the severe form of network security, the network security situational awareness technology has received extensive attention since it was put forward [1][2] . As its core research category, Through the analysis and fusion of historical network data, the future security of the network can be predicted in advance within a period of time, various threats and attacks that may occur in the future can be warned, network administrators can be helped to allocate network resources reasonably in advance, and corresponding measures can be taken to deal with various network risks.…”

Section: Introductionmentioning

confidence: 99%

Network Security Situation Prediction Model Based on EMD and ELPSO Optimized BiGRU Neural Network

Zhang

et al. 2021

Preprint

View full text Add to dashboard Cite

The traditional network security situation prediction method depends on the accuracy of historical situation values, and there are correlations and differences in importance among various network security factors. To solve the above problems, a combined forecasting model based on Empirical Mode Decomposition and improved Particle Swarm Optimization (ELPSO) to optimize BiGRU neural network (EMD-ELPSO-BiGRU) is proposed. Firstly, the model decomposes the network security situation data sequence into a series of intrinsic modal components by empirical mode decomposition; Then, the prediction model of the BiGRU neural network is established for each modal component, and an improved Particle Swarm Optimization Algorithm (ELPSO) is proposed to optimize the super parameters of BiGRU neural network. Finally, the prediction results of each modal component are superimposed to obtain the final prediction value of the network security situation. In the experiment, on the one hand, ELPSO is compared with other particle swarm optimization algorithms, and the results show that ELPSO has better optimization performance; On the other hand, through simulation test and comparison between EMD-ELPSO-BiGRU and other traditional forecasting methods, the results show that the established combined forecasting model has higher forecasting accuracy.

show abstract

“…While allowing for unbiased, objective scored measurements of SA, SAGAT requires a freezing of a simulation for a query response (Endsley et al, 1998). While SAGAT may be leveraged to evaluate a participant's reaction or response to a simulated cyber attack or risk scenario, the digital plane complicates how to measure cyber awareness as data may be collected passively and thus threats may be less overt (Gutzwiller et al, 2020).…”

Section: Measurement Of Cyber Situational Awareness In Clinical Trial...mentioning

confidence: 99%

Cyber-Situational Awarenss in Clinical Trials Using Wearable Device Technology

Johnson¹,

Carrington²

2021

Proceedings of the International Symposium on Human Factors and

View full text Add to dashboard Cite

It is estimated 1 in 3 clinical trials utilize a wearable device to gather real-time participant data, including sleep habits, telemetry, and physical activity. While wearable technologies (including smart watches, USBs, and implantable devices) have been revolutionary in their ability to provide a higher precision and accuracy to data acquisition external to the research milieu, there is hesitancy among providers and participants alike given security concerns, perception of cyber-related threats, and meaning attributed to privacy issues. The purpose of this research is to define cyber-situational awareness (CSA) as it pertains to clinical trials, evaluate its current measurement, and describe best practices for research investigators and trial participants to enhance protections in the digital age. This paper reviews integrated elements of CSA within the process of informed consent when wearable devices are implemented for trial procedures. Evaluation of CSA as part of informed consent allows the research site to support the participant in knowledge gaps surrounding the technology while also providing feedback to the trial sponsor as to technology improvements to enhance usability and wearability of the device.

show abstract

Gaps and Opportunities in Situational Awareness for Cybersecurity

Cited by 30 publications

References 27 publications

Mission‐centric decision support in cybersecurity via Bayesian Privilege Attack Graph

Mission‐centric decision support in cybersecurity via Bayesian Privilege Attack Graph

Network Security Situation Prediction Model Based on EMD and ELPSO Optimized BiGRU Neural Network

Cyber-Situational Awarenss in Clinical Trials Using Wearable Device Technology

Contact Info

Product

Resources

About