Cyber Situation Awareness through Instance-Based Learning: Modeling the Security Analyst in a Cyber-Attack Scenario

Varun Dutt, Cleotilde Gonzalez
ISBN13: 9781466601048 | ISBN10: 1466601043 | EISBN13: 9781466601055
DOI: 10.4018/978-1-4666-0104-8.ch008
MLA

Dutt, Varun, and Cleotilde Gonzalez. "Cyber Situation Awareness through Instance-Based Learning: Modeling the Security Analyst in a Cyber-Attack Scenario." Situational Awareness in Computer Network Defense: Principles, Methods and Applications, edited by Cyril Onwubiko and Thomas Owens, IGI Global, 2012, pp. 125-140. https://doi.org/10.4018/978-1-4666-0104-8.ch008

APA

Dutt, V. & Gonzalez, C. (2012). Cyber Situation Awareness through Instance-Based Learning: Modeling the Security Analyst in a Cyber-Attack Scenario. In C. Onwubiko & T. Owens (Eds.), Situational Awareness in Computer Network Defense: Principles, Methods and Applications (pp. 125-140). IGI Global. https://doi.org/10.4018/978-1-4666-0104-8.ch008

Chicago

Dutt, Varun, and Cleotilde Gonzalez. "Cyber Situation Awareness through Instance-Based Learning: Modeling the Security Analyst in a Cyber-Attack Scenario." In Situational Awareness in Computer Network Defense: Principles, Methods and Applications, edited by Cyril Onwubiko and Thomas Owens, 125-140. Hershey, PA: IGI Global, 2012. https://doi.org/10.4018/978-1-4666-0104-8.ch008

Abstract

In a corporate network, the situation awareness (SA) of a security analyst is of particular interest. The current work describes a cognitive Instance-Based Learning (IBL) model of an analyst’s recognition and comprehension processes in a cyber-attack scenario. The IBL model first recognizes network events based upon the events’ situation attributes and their similarity to past experiences (instances) stored in the model’s memory. Then, the model comprehends a sequence of observed events as being a cyber-attack or not, based upon the instances retrieved from its memory, the similarity mechanism used, and the model’s risk-tolerance. The execution of the model generates predictions about the recognition and comprehension processes of an analyst in a cyber-attack. A security analyst’s decisions in the model are evaluated based upon two cyber-SA metrics: accuracy and timeliness. The chapter highlights the potential of this research for the design of training and decision support tools for security analysts.
