Computer-aided Human Centric Cyber Situation Awareness

A DoD Multidisciplinary University Research Initiative (MURI) Project
Sponsored by Army Research Office
2009 - 2014

Sushil Jajodia
George Mason University
Peng Liu, John Yen, Mike McNeese, Dave Hall
Pennsylvania State University
Nancy Cooke
Arizona State University
Coty Gonzalez
Carnegie Mellon University
Peng Ning, Michael Young
North Carolina State University
V.S. Subrahmanian
University of Maryland

Today, when a security incident occurs, the top three questions security administrators would ask are in essence: What has happened? Why did it happen? What should I do?  Answers to the first two questions form the core of Cyber Situational Awareness. Whether the last question can be satisfactorily answered is greatly dependent upon the cyber situational awareness capability of an enterprise.

A variety of computer and network security research topics (especially some systems security topics) belong to or touch the scope of Cyber Situational Awareness. However, the Cyber Situational Awareness capability of an enterprise is still very limited for several reasons:

  • Inaccurate and incomplete vulnerability analysis, intrusion detection, and forensics.
  • Lack of capability to monitor certain microscopic system/attack behavior.  
  • Limited capability to transform/fuse/distill information into cyber intelligence. 
  • Limited capability to handle uncertainty.
  • Existing system designs are not very “friendly” to Cyber Situational Awareness.

The goal of this project is to explore ways to elevate the Cyber Situational Awareness capability of an enterprise to the next level by measures such as developing holistic Cyber Situational Awareness approaches and evolving existing system designs into new systems that can achieve self-awareness.