Situation Awareness and Impact Assessment for Cyber Network Defense
Agency / Branch:
DOD / USAF
The work proposed under AF071-084 will investigate a new method and technology for solving the problems of situation awareness, cyber impact assessment, and attacker prediction. The new technology is couched in the Situation Management paradigm and is a variation of the case-based reasoning method used for situation assessment, assessment, and prediction. The work will follow the same architectural principles and evaluation methodology outlined in "Realizing Situation Awareness within a Cyber Environment" by Dr. John Salerno's team at AFRL. Salerno's paper describes three distinct approaches to Cyber Situational Awareness: (i) multi-entity Bayesian networks, (ii) a combination of finite state machines and hidden Markov models, and (iii) entropy based on Information Theory. What is lacking in these approaches is an additional level 3 fusion technology that makes up for the problems of false positives, scalability, detection of complex attacks, and adaptability to new types of attacks. Current approaches are not inherently capable of solving these problems, but can be enhanced with level 3 fusion technology to overcome them.
Small Business Information at Submission:
P O Box 245 Plainsboro, NJ 08536
Number of Employees: