Cyber Situation Awareness: Rational Methods versus Instance-Based Learning Theory for Cyber Threat Detection
Authors
Abstract
Cyber attacks pose a grave threat to corporations and disrupt their normal functioning. The number of cyber attacks has been ever increasing, and because priceless information is lost on account of these attacks, there is an urgent need to check their prevalence. In this regard, the role of a security analyst, a human decision maker whose task is to detect cyber attacks accurately and in a timely manner, is becoming indispensable. In this paper, we evaluate the popular view that a rational approach to cyber attack detection would likely yield better results than a cognitive approach applied to the same problem. An existing cognitive model, based upon Instance-Based Learning Theory (IBLT), is used to detail the decision-making process of a security analyst. The same analyst's decision-making process is also detailed using a rational-actor Naïve Bayes Classifier (NBC) model. Both the IBL and NBC models are evaluated in their ability to detect cyber attacks accurately and in a timely manner in scenarios that differ in the attacker's strategy: patient (threats occur late in an attack) and impatient (threats occur early in an attack). Results reveal that, in general, the IBL model has greater accuracy and timeliness in detecting cyber threats than the NBC model; however, the benefits of the cognitive (IBL) approach only show up when the attacker's strategy is impatient rather than patient. We discuss the implications of our results for cyber security.
Similar resources
Cyber Situation Awareness: Modeling Detection of Cyber Attacks With Instance-Based Learning Theory
OBJECTIVE To determine the effects of an adversary's behavior on the defender's accurate and timely detection of network threats. BACKGROUND Cyber attacks cause major work disruption. It is important to understand how a defender's behavior (experience and tolerance to threats), as well as adversarial behavior (attack strategy), might impact the detection of threats. In this article, we use co...
Cyber Insider Threats Situation Awareness Using Game Theory and Information Fusion-based User Behavior Predicting Algorithm
Cyber insider threat is a difficult problem because it is always covered by a legal identity. Researchers have proposed many methods to deal with this kind of problem which are model-based, graph-based and access control-based algorithms. However, many of these methods are dependent upon traditional IDS which are impacted by false positive rate and not suitable for insider problem any more. Som...
A Markov Game Theoretic Data Fusion Approach for Cyber Situational Awareness
This paper proposes an innovative data-fusion/data-mining game theoretic situation awareness and impact assessment approach for cyber network defense. Alerts generated by Intrusion Detection Sensors (IDSs) or Intrusion Prevention Sensors (IPSs) are fed into the data refinement (Level 0) and object assessment (L1) data fusion components. High-level situation/threat assessment (L2/L3) data fusio...
Cyber Situation Awareness: Modeling the Security Analyst in a Cyber-Attack Scenario through Instance-Based Learning
In a corporate network, the situation awareness (SA) of a security analyst is of particular interest. A security analyst is in charge of observing the online operations of a corporate network (e.g., an online retail company with an external webserver and an internal fileserver) from threats of random or organized cyber-attacks. The current work describes a cognitive Instance-based Learning (IBL...
Journal title:
Volume Issue
Pages -
Publication date 2013