developing systems for cyber situational awareness
play

Developing Systems for Cyber Situational Awareness* James Okolica, - PowerPoint PPT Presentation

Dec 21, 2023 •150 likes •355 views

Air Force Institute of Technology Develop America's Airmen Today ... for Tomorrow Developing Systems for Cyber Situational Awareness* James Okolica, J. Todd McDonald, Gilbert L. Peterson, Robert F. Mills, and Michael W. Haas Center for

  1. Air Force Institute of Technology Develop America's Airmen Today ... for Tomorrow Developing Systems for Cyber Situational Awareness* James Okolica, J. Todd McDonald, Gilbert L. Peterson, Robert F. Mills, and Michael W. Haas Center for Cyberspace Research Air Force Institute of Technology WPAFB, OH * The views expressed in this article are those of the authors and do not reflect the official policy or position of the United States Air Force, Department of Defense, or the U.S. Government Air University: The Intellectual and Leadership Center of the Air Force 1 Integrity - Service - Excellence

  2. Overview Develop America's Airmen Today ... for Tomorrow • Defining Cyber Situational Awareness • The Cyber SA Problem Space • Developing a Cyber SA System • The Perception/ Prediction Loop • Understanding the Environment • Putting it all together • Future Work Air University: The Intellectual and Leadership Center of the Air Force 2 Integrity - Service - Excellence

  3. The Problem Develop America's Airmen Today ... for Tomorrow • April 28, 2007 - Distributed denial of service (DDOS) attacks began on a media website in Estonia and would later spread to Estonia’s critical infrastructure including banks, ministries, and police. • Feb 18, 2001 - Robert Hansen arrested for selling American secrets to Moscow for 22 years Air University: The Intellectual and Leadership Center of the Air Force 3 Integrity - Service - Excellence

  4. Situational Awareness Develop America's Airmen Today ... for Tomorrow Air University: The Intellectual and Leadership Center of the Air Force 4 Integrity - Service - Excellence

  5. Cyber SA Develop America's Airmen Today ... for Tomorrow Air University: The Intellectual and Leadership Center of the Air Force 5 Integrity - Service - Excellence

  6. Cyber SA Develop America's Airmen Today ... for Tomorrow Comprehension PERCEPTION Air University: The Intellectual and Leadership Center of the Air Force 6 Integrity - Service - Excellence

  7. Cyber SA Develop America's Airmen Today ... for Tomorrow Air University: The Intellectual and Leadership Center of the Air Force 7 Integrity - Service - Excellence

  8. Insider Threat Cyber SA Develop America's Airmen Today ... for Tomorrow Business/Mission Individual Devices Data Environment Environment Email Application Logs User applications Threats Proxy server apps Nation state Firewall server apps Non-nation state Other server apps Petty Crime/Hackers System Logs Insiders Registry Ports Processes Off. Operation Mission Impact DLLs Data Exflitration Packet Traffic Data Modification Disaster Planning Firewall Attack Preparation Anti-Virus Network Mapping Mission Intrusion Detection Efficiencies Systems Vulnerabilities Content Data (e.g., backdoor) EXE files Documents System (e.g., rootkit) Images … Memory Page Files Sense Evaluate Assess Air University: The Intellectual and Leadership Center of the Air Force 8 Integrity - Service - Excellence

  9. Perception/ Prediction Loop Develop America's Airmen Today ... for Tomorrow • Model the Attack Process • Extract sensor requirements for each step in the process • Categorize sensors as • Distant Early Warning (DEW) line sensors – with minimal footprint to host systems, provide a high confidence of anomaly detection – lots of false positives • Focused sensors – more intrusive, processor intensive sensors that are tailored to detecting much more specific attacks • Develop and deploy sensors • Activate DEW line sensors • When DEW line is tripped, activate the focused sensors Air University: The Intellectual and Leadership Center of the Air Force 9 Integrity - Service - Excellence

  10. Multi-level Comprehension Develop America's Airmen Today ... for Tomorrow Air University: The Intellectual and Leadership Center of the Air Force 10 Integrity - Service - Excellence

  11. Developing a Cyber SA System Develop America's Airmen Today ... for Tomorrow 2a. Operational Language Describing Operational 2c. Relationships Process between System 1. Model the and Operational Attack Process Languages 2b. System Language 5. Visualization Describing Tools Systems 4. Correlation/ 3. Sensor Comprehension Requirements Engines Air University: The Intellectual and Leadership Center of the Air Force 11 11 Integrity - Service - Excellence

  12. Next Steps Develop America's Airmen Today ... for Tomorrow • Develop Cyber Attack Models for multiple types of attacks • Extract requirements and develop sensors Air University: The Intellectual and Leadership Center of the Air Force 12 Integrity - Service - Excellence

  13. What about BPM? Develop America's Airmen Today ... for Tomorrow • Organizations design may oppose BPM - Stature by how large/ how much money • Wisdom of putting BPM on a networked computer • Cyber SA in place to secure network • However, Cyber SA depends on BPM for mission impact • BPM defines critical nodes and single points of failure • Tradeoff • Increased responsiveness & improved management situational awareness • Greater vulnerability to precision attack Air University: The Intellectual and Leadership Center of the Air Force 13 Integrity - Service - Excellence

  14. Questions Develop America's Airmen Today ... for Tomorrow ? Air University: The Intellectual and Leadership Center of the Air Force 14 Integrity - Service - Excellence

  15. Backup Slides Develop America's Airmen Today ... for Tomorrow Air University: The Intellectual and Leadership Center of the Air Force 15 Integrity - Service - Excellence

  16. Cyber SA Environment Develop America's Airmen Today ... for Tomorrow Air University: The Intellectual and Leadership Center of the Air Force 16 Integrity - Service - Excellence

  17. IDMEF Data Model Develop America's Airmen Today ... for Tomorrow IDMEF-Message Alert Heartbeat Analyzer Analyzer CreateTime CreateTime AdditionalData DetectTime AnalyzeTime Source Node User Process Service Target Node User Process Service File Classification Assessment AdditionalData Air University: The Intellectual and Leadership Center of the Air Force 17 Integrity - Service - Excellence

  18. Target Centric Ontology Develop America's Airmen Today ... for Tomorrow HOST Victim Of Attack System Consequence Component Effected By Sub class Of Denial of Probe Service Input Network System Process Remote to Local User to Causing Root UDP TCP Means Location IP Input Logic Validation Local Remote Exploit Error TCP/IP Buffer Atomicity Overflow Exception Error Buffer Condition Overflow TCP UDP Buffer Race Serialization Overflow Condition Error Socket Socket Air University: The Intellectual and Leadership Center of the Air Force 18 Integrity - Service - Excellence

  19. Information Relativity Develop America's Airmen Today ... for Tomorrow • Consider the data object “mission” • Does an object mean different things at different levels? • Does an object mean different things within a level depending on the producer/consumer of the object? Air University: The Intellectual and Leadership Center of the Air Force 19 Integrity - Service - Excellence

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Nationwide Cyber Situational Awareness Framework for Critical In Infrastructures Hayretdin

Nationwide Cyber Situational Awareness Framework for Critical In Infrastructures Hayretdin

A A Conceptual Nationwide Cyber Situational Awareness Framework for Critical In Infrastructures Hayretdin Bahi , Olaf Manuel Maennel Centre For Digital Forensics and Cyber Security Tallinn University of Technology Evolvement of Cyber

470 views • 13 slides
CRUSOE: DATA MODEL FOR CYBER SITUATIONAL AWARENESS Tuesday 28 th August, 2018 Martin Husk Jana

CRUSOE: DATA MODEL FOR CYBER SITUATIONAL AWARENESS Tuesday 28 th August, 2018 Martin Husk Jana

CRUSOE: DATA MODEL FOR CYBER SITUATIONAL AWARENESS Tuesday 28 th August, 2018 Martin Husk Jana Komrkov Martin Latovika Daniel Tovark Introduction and Motivation CRUSOE Data Model Page 2 / 23 Cyber Situational Awareness

561 views • 23 slides
Situational Awareness Leveraging Versant JPA for Big Data Situation Awareness Applications

Situational Awareness Leveraging Versant JPA for Big Data Situation Awareness Applications

Situational Awareness Leveraging Versant JPA for Big Data Situation Awareness Applications Matthew Barker, Director Prof. Services Versant Corporation Situational Awareness Defined Agenda Short SA Video Big Data and Situational

545 views • 21 slides
Situational Awareness: Terrain Reasoning for Tactical Shooter A.I Situational Awareness The

Situational Awareness: Terrain Reasoning for Tactical Shooter A.I Situational Awareness The

Situational Awareness: Terrain Reasoning for Tactical Shooter A.I Situational Awareness The capability of an A.I. agent to reason is limited by the data its sensor's can acquire about the world The representation of the data we use to

537 views • 31 slides
Automated Reasoning for Situational Awareness Peter Baumgartner, Alexander Krumpholz Supply

Automated Reasoning for Situational Awareness Peter Baumgartner, Alexander Krumpholz Supply

Automated Reasoning for Situational Awareness Peter Baumgartner, Alexander Krumpholz Supply Chain Integrity Digital Mission www.data61.csiro.au Situational Awareness - Systems of Interest Factory Floor - Are the operations carried out

1.24k views • 87 slides
Toward Real-time Network-wide Cyber Situational Awareness Mini-conference NOMS 2018, April 27,

Toward Real-time Network-wide Cyber Situational Awareness Mini-conference NOMS 2018, April 27,

Toward Real-time Network-wide Cyber Situational Awareness Mini-conference NOMS 2018, April 27, 2018, Taipei, Taiwan Tomas Jirsik, Pavel Celeda Institute of Computer Science & Faculty of Informatics, Masaryk University, Czech Republic

145 views • 10 slides
Situational Awareness in pilotage operations VesCo Systems, Remote Pilot supported by the

Situational Awareness in pilotage operations VesCo Systems, Remote Pilot supported by the

Drones an aid to increased Situational Awareness in pilotage operations VesCo Systems, Remote Pilot supported by the Danish Maritime Fond Roadmap of this presentation The Vision for the The process of using How far have we use of

167 views • 14 slides
Proactive Risk Management through Improved Situational Awareness https://protective-h2020.eu/

Proactive Risk Management through Improved Situational Awareness https://protective-h2020.eu/

Proactive Risk Management through Improved Situational Awareness https://protective-h2020.eu/ PROTECTIVE is a H2020 funded Innovation Action to evolve cyber alert flow processing , namely: correlation, prioritisation, analysis,

962 views • 40 slides
NVIDIA ECS March 19, 2015 1 How does 3D help humans? CFIT Loss of Situational Awareness

NVIDIA ECS March 19, 2015 1 How does 3D help humans? CFIT Loss of Situational Awareness

Better Decisions in Moments of Truth with DTI 3D NVIDIA ECS March 19, 2015 1 How does 3D help humans? CFIT Loss of Situational Awareness Situational Awareness Perceive Comprehend Project Decide Act {"45752bf": [3958177,

347 views • 16 slides
Model-based Situational Awareness & the Digital Twin Ray Trechter, Manager P R E S E N T E D

Model-based Situational Awareness & the Digital Twin Ray Trechter, Manager P R E S E N T E D

Unclassified Unlimited Release SAND2018-4870 C Physical Security Center of Excellence Model-based Situational Awareness & the Digital Twin Ray Trechter, Manager P R E S E N T E D BY Interactive Systems Simulation & Analysis

390 views • 16 slides
Situational Awareness Jeff Hughes Bryan Ladds Dave Hamilton Special Guest A Complete and

Situational Awareness Jeff Hughes Bryan Ladds Dave Hamilton Special Guest A Complete and

Situational Awareness Jeff Hughes Bryan Ladds Dave Hamilton Special Guest A Complete and Integrated System Supporting Emergency Management Operations Maintain Conduct Manage Situational Damage Public Awareness Assessment Information

839 views • 41 slides
Visualization & Situational Awareness Demonstrations Project Presentation for EPIC Symposium

Visualization & Situational Awareness Demonstrations Project Presentation for EPIC Symposium

Visualization & Situational Awareness Demonstrations Project Presentation for EPIC Symposium December 1, 2016 Sacramento, CA Confidential Draft - For Internal Use Only 1 Visualization and Situational Awareness Demonstrations Aksel

289 views • 16 slides
Can we leverage network monitoring to build comprehensive situational awareness of our

Can we leverage network monitoring to build comprehensive situational awareness of our

Can we leverage network monitoring to build comprehensive situational awareness of our operating environments in a way that scales well? How could such an awareness allow us to find anomalous and malicious behavior? God I hope so. If

215 views • 7 slides
Self-Awareness: A Game Changing Topic for Cyber- Physical Systems? Game Changing and

Self-Awareness: A Game Changing Topic for Cyber- Physical Systems? Game Changing and

Self-Awareness: A Game Changing Topic for Cyber- Physical Systems? Game Changing and Controversial Topics in CPS, Budapest, 16 th April 2016. Holger Giese System Analysis & Modeling Group, Hasso Plattner Institute for Software Systems

144 views • 10 slides
Presentation Outline Bulk Power System Reliability Components NERC ACE-Frequency for

Presentation Outline Bulk Power System Reliability Components NERC ACE-Frequency for

C onsortium for DOE E lectric Situational R eliability Awareness for Resources T echnology Adequacy S olutions DOE Situational Awareness Application Using NERC Resources Adequacy Wide-Area Real Time Monitoring Application Presented by

741 views • 8 slides
Developing Cyber Resilient Systems A Systems Security Engineering Approach NATIONAL INSTITUTE OF

Developing Cyber Resilient Systems A Systems Security Engineering Approach NATIONAL INSTITUTE OF

NIST Special Publication 800-160, Volume 2 Developing Cyber Resilient Systems A Systems Security Engineering Approach NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY The Current Landscape Today's systems are very brittle, rely on a

595 views • 22 slides
Network Economics -- Lecture 4: Incen5ves and games

Network Economics -- Lecture 4: Incen5ves and games

Network Economics -- Lecture 4: Incen5ves and games in security Patrick Loiseau EURECOM Fall 2015 1 References J. Walrand. Economics

882 views • 70 slides
TAXONOMY AND CHALLENGES IN MACHINE LEARNING-BASED APPROACHES TO DETECT ATTACKS IN THE INTERNET

TAXONOMY AND CHALLENGES IN MACHINE LEARNING-BASED APPROACHES TO DETECT ATTACKS IN THE INTERNET

The 15th International Conference on Availability, Reliability and Security (ARES 2020) August 25 to August 28, 2020 in Dublin, Ireland ID-86 workshop paper (IoT-SECFOR) TAXONOMY AND CHALLENGES IN MACHINE LEARNING-BASED APPROACHES TO DETECT

583 views • 13 slides
Lec04: Writing Exploits Taesoo Kim 2 Scoreboard 3 Administrivia Join Piazza! An

Lec04: Writing Exploits Taesoo Kim 2 Scoreboard 3 Administrivia Join Piazza! An

1 Lec04: Writing Exploits Taesoo Kim 2 Scoreboard 3 Administrivia Join Piazza! An optional recitation at 4:30-5:30pm on Wed (in CBC 104A) Due: Lab03 (stack overflow) on Sept 21 at midnight NSA Codebreaker Challenge

423 views • 20 slides
Systems Security: Countermeasures II Stjepan Picek s.picek@tudelft.nl Delft University of

Systems Security: Countermeasures II Stjepan Picek s.picek@tudelft.nl Delft University of

Systems Security: Countermeasures II Stjepan Picek s.picek@tudelft.nl Delft University of Technology, The Netherlands June 21, 2018 Outline 1 Masking Countermeasure 2 Control Flow Integrity 3 Intrusion Detection 2 / 22 Rotating S-box Masking

540 views • 22 slides
More on Malware CS 136 Computer Security Peter Reiher March 4, 2008 Lecture 14 Page 1 CS

More on Malware CS 136 Computer Security Peter Reiher March 4, 2008 Lecture 14 Page 1 CS

More on Malware CS 136 Computer Security Peter Reiher March 4, 2008 Lecture 14 Page 1 CS 136, Winter 2008 Outline Introduction Viruses Trojan horses Trap doors Logic bombs Worms Botnets Spyware Some

701 views • 53 slides
Towards Recoverable Hybrid Byzantine Consensus Hans P. Reiser 1 , R udiger Kapitza 2 1 University

Towards Recoverable Hybrid Byzantine Consensus Hans P. Reiser 1 , R udiger Kapitza 2 1 University

Towards Recoverable Hybrid Byzantine Consensus Hans P. Reiser 1 , R udiger Kapitza 2 1 University of Lisboa, Portugal 2 University of Erlangen-N urnberg, Germany September 22, 2009 Overview Background 1 Why? When? Where? Towards

603 views • 34 slides
and Compliance Management for Dynamic EDS Carlos Rubio-Medrano , Josephine Lamp , Ziming Zhao and

and Compliance Management for Dynamic EDS Carlos Rubio-Medrano , Josephine Lamp , Ziming Zhao and

A RIZONA S TATE U NIVERSITY Fall 2016 Robust and Scalable Security Monitoring and Compliance Management for Dynamic EDS Carlos Rubio-Medrano , Josephine Lamp , Ziming Zhao and Gail-Joon Ahn 11/18/2016 1 A RIZONA S TATE U NIVERSITY Background

893 views • 40 slides
Systematizing Insider Threat mitigation George Magklaras BSc Hons Mphil Information Security

Systematizing Insider Threat mitigation George Magklaras BSc Hons Mphil Information Security

Systematizing Insider Threat mitigation George Magklaras BSc Hons Mphil Information Security & Network Research Group University of Plymouth, UK http://www.network-research-group.org/ Agenda Basic definitions. Manifestation of

1.07k views • 50 slides

More recommend