TY - GEN
T1 - Evaluation of Cyber Situation Awareness - Theory, Techniques and Applications
AU - Nikolov, Georgi
AU - Perez, Axelle
AU - Mees, Wim
N1 - Publisher Copyright: © 2024 ACM.
PY - 2024/7/30
Y1 - 2024/7/30
AB - In recent years the technology field has grown exponentially, bringing with it new possibilities, but also new threats. This rapid advancement has created fertile grounds for new sophisticated cyber attacks, exhibiting a high degree of complexity. In an ever-evolving cyber landscape, organizations need to dedicate valuable resources to enhancing their understanding of emergent threats for the purposes of identification, analysis and mitigation. To accomplish this task, they rely on Cyber Situation Awareness (CSA), a framework designed for the purposes of managing the virtual environment. This is achieved through the perception and comprehension of the behaviors therein, be they benign or malicious, followed by modeling the future state of the environment based on the gathered information. In this paper, we will discuss how exactly the theory of Situation Awareness has been applied to the cyber domain. Further on, we will present various techniques used for handling the large quantity of complex data and managing the dynamic nature of the environment by Cyber Situation Operation Centers (CSOC) and discuss in detail a number of methodologies that have been designed for the evaluation of the level of CSA. Finally, we will provide specific examples of simulated scenarios for the application of the CSA assessment techniques.
KW - Assessment
KW - Cyber Situation Awareness
KW - Evaluation Methodologies
KW - Visualization
UR - http://www.scopus.com/inward/record.url?scp=85200322919&partnerID=8YFLogxK
U2 - 10.1145/3664476.3670921
DO - 10.1145/3664476.3670921
M3 - Conference contribution
AN - SCOPUS:85200322919
T3 - ACM International Conference Proceeding Series
BT - ARES 2024 - 19th International Conference on Availability, Reliability and Security, Proceedings
PB - Association for Computing Machinery
T2 - 19th International Conference on Availability, Reliability and Security, ARES 2024
Y2 - 30 July 2024 through 2 August 2024
ER -