This paper proposes an innovative data-fusion/ data-mining game theoretic situation awareness and impact assessment approach for cyber network defense. Alerts generated by Intrusion Detection Sensors (IDSs) or Intrusion Prevention Sensors (IPSs) are fed into the data refinement (Level 0) and object assessment (L1) data fusion components. High-level situation/threat assessment (L2/L3) data fusio...

Cyber attacks endanger physical, economic, social, and political security. We use a Bayesian state space model to forecast the number of future cyber attacks. Cyber attacks were defined as malware detected by cyber analysts over seven years using cyber events (i.e., reports of malware attacks supported by evidence) at a large Computer Security Service Provider (CSSP). This CSSP protects a varie...

The United States Department of Defense (DoD) is engaged in a mission to unify its software systems towards a “net-centric” vision— where commanders gain advantage by rapidly producing, consuming, and sharing information using service oriented architectures (SOAs). In this paper, we study the cyber survivability of mission-critical net-centric systems, focusing on Ballistic-Missile-Defense (BMD...

With the growth of Internet connectivity critical national infrastructures have grown intertwined in complex networked relationships. At electrical substations, it is common to find equipment from several companies together administered remotely by several contractors via the Internet. The the threat of nation-state and terrorist cyber attacks further complicates the ad hoc arrangement until th...

" The book identifies the state-of-the-art tools and processes being used for cyber defense and highlights gaps in the technology. It presents the best practice of industry and government for incident detection and reponse and examines indicators and metrics for progress along the security continuum. "-Belfer Center (Harvard Kennedy School) The cyber security of vital infrastructure and service...

Objective: • Identify and fill the gap between machine info processing and analysts' SA mental processes. • Locate and remove the blind spots of existing cyber SA tools. • Build the next generation cyber defense Situation Room prototype.

My research interests span the areas of systems security, cyber-crime analysis, big-data security analytics, and machine learning for security. In systems security, I particularly focus on the analysis and detection of advanced and persistent threats, web application security, and web-borne malware defense. In cyber-crime analysis, I focus on malicious sites/URLs, exploit kits, and ransomware. ...

Manuscript received November 30, 2009. Current version published February 12, 2010. R. A. Fink is with the Johns Hopkins University/Applied Physics Laboratory, Laurel, MD 20723 USA, and also with the Cyber Defense Lab, Department of Computer Science and Electrical Engineering, University of Maryland, Baltimore County, Baltimore, MD 21250 USA (e-mail [email protected]). A. T. Sherman is with ...

Big Data can reduce the processing time of large volumes of data in the distributed computing environment using Hadoop. It also can predict potential cybersecurity breaches, help stop cyber attacks, and facilitate post-breach digital forensic analysis. This paper introduces Big Data applications in distributed analytics, general cybersecurity (general cyber threats, cyber attacks, and cyber sec...