Uploaded bymmubashirkhan
PPTX, PDF2,261 views

Situational awareness for computer network security

This document discusses situational awareness, both traditional and cyber, and presents a scenario of a cyber attack. It introduces the Instance Based Learning Theory (IBLT) model for evaluating a security analyst's cyber situational awareness when responding to network events during an island hopping attack. Key factors that influence the analyst's decisions are described. The IBLT model represents situations, decisions, and utilities to model how analysts make judgments based on prior experiences stored in memory.

Embed presentation

Downloaded 73 times
Presented By Ayesha Khaliq
 What is Situational Awareness  Why situational awareness for computer network security  Traditional SA  Cyber SA  Simple scenario of cyber Attack  Factors  Instance based learning theory model(IBLT)  conclusion
 Situation awareness (SA) involves being aware of what is happening in the vicinity  It is also a field of study concerned with perception of the environment critical for decision- makers in complex areas from aviation, air traffic control, power plant operations, military command and control, and IT services.
 For security purpose many organizations have their own Computer Security Incident Response Teams which are responsible for ensuring, availability and integrity and confidentiality of network services. Their main key responsibility is to maintain situational awareness over thousands of network objects and events .  In short situational awareness is the prevention from threats and future crimes in the field of computer network security
Normally situational awareness involves predictions related to time, space references and object. For describing Traditional situational awareness we can take the example of aircraft pilot, from his point of view, he should take care of aircraft status, speed, direction ,position(long, lat),the location of other aircraft, friends, enemies, surrounding landing sites and the mission
when we talk about cyber situational awareness so one should aware from status and the topology of IT infrastructure which is complex to handle. Network component are usually located using reference in logical architecture.
The cyber infrastructure typically consists of web server and fileserver that are protected by two firewall in demilitarized zone (DMZ), where DMZ separates the external network (internet) and company’s internal network(LAN). The web server involves with customer interactions on a company’s website while the fileserver is a repository for many workstations that are internal to the company and that allow company employees to do their daily operations . The firewall 1 controls the traffic between DMZ and the internet Firewall 2 allows a Network File System (NFS) protocol access between the fileserver and web server
 In this cyber infrastructure mostly attackers follows a sequence of “Island Hopping Attack” where the web server is compromised first, and then the web server is used to originate attacks on the fileserver (through venerability in the NFS protocol) and other company workstations  In this simple scenario, a security analyst is exposed to a sequence of 25 network events (consisting of both threat and non-threat events), whose nature is not precisely defined to a security analyst  He is also able to observe alerts that correspond to some network events using an intrusion detection system (IDS) (Jajodia et al., 2010). The IDS raises an alert for suspicious file executions or suspicious packet transmission events that is generated on the corporate network
The knowledge level of the analyst in terms of the mix of threat and non-threat experiences stored in analyst’s memory.  The analyst’s risk-tolerance level, i.e., the willingness of an analyst to classify a sequence of events as a cyber-attack.  The analyst’s similarity model, i.e., the process that the analyst uses to compare network events with prior experiences that are stored in his memory
IBLT is a theory of how people make decisions from experience in complex environments IBLT proposes that people represent every decision making situation as instances that are stored in memory IBLT composed of three part :Situation(S),Decision(D),and Utility(U)
The IBL model of the security analyst can be implemented by using Matlab software
Due to the growing threat to our cyber infrastructure and the heightened need to implement cyber security, it becomes important to evaluate the cyber situation awareness (cyber-SA) of security analysts in different cyber-attack scenarios. In this research, I suggest a memory-based account, based upon instance-based learning theory, of the decisions of a security analyst who is put in a popular cyber-attack scenario of an island-hopping attack
 http://www.hss.cmu.edu/departments/sds/ ddmlab/papers/Dutt.Gonzalez.2012  ftp://ftp.rta.nato.int/Pubfulltext/RTO/MP/RT O-MP-IST-043/MP-IST-043-20
Situational awareness for computer network security

More Related Content

PPTX
Network Intrusion Detection and Countermeasure Selection
byPramod M Mithyantha
 
PDF
Internal security on an ids based on agents
bycsandit
 
PDF
INTERNAL SECURITY ON AN IDS BASED ON AGENTS
byIJNSA Journal
 
PDF
A technical review and comparative analysis of machine learning techniques fo...
byIJECEIAES
 
PDF
Vertualisation
byChkifa Khalid
 
PPTX
Self protecteion in clustered distributed system new
bySahithi Naraparaju
 
PDF
How endpoint security works
bySilver Touch Technologies Limited
 
PPTX
Self protecteion in clustered distributed system new
bySahithi Naraparaju
 
Network Intrusion Detection and Countermeasure Selection
byPramod M Mithyantha
 
Internal security on an ids based on agents
bycsandit
 
INTERNAL SECURITY ON AN IDS BASED ON AGENTS
byIJNSA Journal
 
A technical review and comparative analysis of machine learning techniques fo...
byIJECEIAES
 
Vertualisation
byChkifa Khalid
 
Self protecteion in clustered distributed system new
bySahithi Naraparaju
 
How endpoint security works
bySilver Touch Technologies Limited
 
Self protecteion in clustered distributed system new
bySahithi Naraparaju
 

What's hot

DOCX
Ids 015 architecture and implementation of ids
byjyoti_lakhani
 
PPTX
Cyber intrusion
byKishor Datta Gupta
 
PDF
1776 1779
byEditor IJARCET
 
PDF
3778975074 january march 2015 1
bynicfs
 
PDF
Ijnsa050214
byIJNSA Journal
 
PPT
Euro mGov Securing Mobile Services
byMiguel Ponce de Leon @ TSSG / Waterford Institute of Technology
 
PDF
IMPROVED IDS USING LAYERED CRFS WITH LOGON RESTRICTIONS AND MOBILE ALERTS BAS...
byIJNSA Journal
 
PDF
Monitoring your organization against threats - Critical System Control
byMarc-Andre Heroux
 
PDF
Application of Attack Graphs in Intrusion Detection Systems: An Implementation
byCSCJournals
 
DOCX
IEEE 2014 JAVA PARALLEL DISTRIBUTED PROJECTS Rre a-game-theoretic-intrusion-r...
byIEEEMEMTECHSTUDENTPROJECTS
 
DOCX
IEEE 2014 DOTNET NETWORKING PROJECTS Network intrusion detection system using...
byIEEEMEMTECHSTUDENTPROJECTS
 
PPTX
Mobile slide
byAman singh
 
PPTX
Collaborative defence strategies for network security
bysonukumar142
 
PDF
02.security systems
bySri Lanka Institute of Information Technology
 
PPTX
IDS
byprimeteacher32
 
Ids 015 architecture and implementation of ids
byjyoti_lakhani
 
Cyber intrusion
byKishor Datta Gupta
 
1776 1779
byEditor IJARCET
 
3778975074 january march 2015 1
bynicfs
 
Ijnsa050214
byIJNSA Journal
 
Euro mGov Securing Mobile Services
byMiguel Ponce de Leon @ TSSG / Waterford Institute of Technology
 
IMPROVED IDS USING LAYERED CRFS WITH LOGON RESTRICTIONS AND MOBILE ALERTS BAS...
byIJNSA Journal
 
Monitoring your organization against threats - Critical System Control
byMarc-Andre Heroux
 
Application of Attack Graphs in Intrusion Detection Systems: An Implementation
byCSCJournals
 
IEEE 2014 JAVA PARALLEL DISTRIBUTED PROJECTS Rre a-game-theoretic-intrusion-r...
byIEEEMEMTECHSTUDENTPROJECTS
 
IEEE 2014 DOTNET NETWORKING PROJECTS Network intrusion detection system using...
byIEEEMEMTECHSTUDENTPROJECTS
 
Mobile slide
byAman singh
 
Collaborative defence strategies for network security
bysonukumar142
 
02.security systems
bySri Lanka Institute of Information Technology
 
IDS
byprimeteacher32
 

Similar to Situational awareness for computer network security

PDF
ONTOLOGY-BASED MODEL FOR SECURITY ASSESSMENT: PREDICTING CYBERATTACKS THROUGH...
byIJNSA Journal
 
PDF
NSAS: NETWORK SECURITY AWARENESS SYSTEM
byInternational Journal of Technical Research & Application
 
PPTX
Cyber Security PPT.pptx
byBhanuRoyal4
 
PDF
Addressing cyber security
byFemi Ashaye
 
PDF
Cyber Threat Intelligence
byZaiffiEhsan
 
PDF
IDS - Fact, Challenges and Future
byamiable_indian
 
PPTX
Network security situational awareness
byHuda Seyam
 
DOCX
Network and web security
byNitesh Saitwal
 
PDF
Cyber Security
byNC Military Business Center
 
PDF
Network Threat Characterization in Multiple Intrusion Perspectives using Data...
byIJNSA Journal
 
PDF
Detection &Amp; Prevention Systems
byAlison Hall
 
PPT
Using Event Processing to Enable Enterprise Security
byTim Bass
 
PDF
[Bucharest] Attack is easy, let's talk defence
byOWASP EEE
 
PDF
IDS / IPS Survey
byDeris Stiawan
 
PDF
Army Study: Ontology-based Adaptive Systems of Cyber Defense
byRDECOM
 
PPTX
Information security
byRohit Gir
 
PDF
Francesca Bosco, Le nuove sfide della cyber security
byAndrea Rossetti
 
PPT
[EB100510] Evelyn del Monte: Context-Aware and Adaptive Security
byComputerworld Philippines
 
PDF
The Evolving Landscape on Information Security
bySimoun Ung
 
DOCX
L. Marinos and I. Askoxylakis (Eds.) HASHCII 2013, LNCS 8030.docx
bycroysierkathey
 
ONTOLOGY-BASED MODEL FOR SECURITY ASSESSMENT: PREDICTING CYBERATTACKS THROUGH...
byIJNSA Journal
 
NSAS: NETWORK SECURITY AWARENESS SYSTEM
byInternational Journal of Technical Research & Application
 
Cyber Security PPT.pptx
byBhanuRoyal4
 
Addressing cyber security
byFemi Ashaye
 
Cyber Threat Intelligence
byZaiffiEhsan
 
IDS - Fact, Challenges and Future
byamiable_indian
 
Network security situational awareness
byHuda Seyam
 
Network and web security
byNitesh Saitwal
 
Cyber Security
byNC Military Business Center
 
Network Threat Characterization in Multiple Intrusion Perspectives using Data...
byIJNSA Journal
 
Detection &Amp; Prevention Systems
byAlison Hall
 
Using Event Processing to Enable Enterprise Security
byTim Bass
 
[Bucharest] Attack is easy, let's talk defence
byOWASP EEE
 
IDS / IPS Survey
byDeris Stiawan
 
Army Study: Ontology-based Adaptive Systems of Cyber Defense
byRDECOM
 
Information security
byRohit Gir
 
Francesca Bosco, Le nuove sfide della cyber security
byAndrea Rossetti
 
[EB100510] Evelyn del Monte: Context-Aware and Adaptive Security
byComputerworld Philippines
 
The Evolving Landscape on Information Security
bySimoun Ung
 
L. Marinos and I. Askoxylakis (Eds.) HASHCII 2013, LNCS 8030.docx
bycroysierkathey
 

More from mmubashirkhan

PPTX
Two factor authentication presentation mcit
bymmubashirkhan
 
PPTX
Drive by downloads-cns
bymmubashirkhan
 
PPTX
Cyber security issues
bymmubashirkhan
 
PPTX
Advanced persistent threat (apt)
bymmubashirkhan
 
PPTX
Security threats and countermeasure in 3 g network
bymmubashirkhan
 
PPTX
Saa s multitenant database architecture
bymmubashirkhan
 
PPTX
Comparison between traditional vpn and mpls vpn
bymmubashirkhan
 
PPTX
Improving intrusion detection system by honeypot
bymmubashirkhan
 
PPTX
Authentication in manet
bymmubashirkhan
 
PPT
Security in wireless la ns
bymmubashirkhan
 
PPTX
Biometric security tech
bymmubashirkhan
 
Two factor authentication presentation mcit
bymmubashirkhan
 
Drive by downloads-cns
bymmubashirkhan
 
Cyber security issues
bymmubashirkhan
 
Advanced persistent threat (apt)
bymmubashirkhan
 
Security threats and countermeasure in 3 g network
bymmubashirkhan
 
Saa s multitenant database architecture
bymmubashirkhan
 
Comparison between traditional vpn and mpls vpn
bymmubashirkhan
 
Improving intrusion detection system by honeypot
bymmubashirkhan
 
Authentication in manet
bymmubashirkhan
 
Security in wireless la ns
bymmubashirkhan
 
Biometric security tech
bymmubashirkhan
 

Recently uploaded

PDF
Analyzing the data of your initial survey
byThelma Villaflores
 
PPTX
Overview of how to Create a Model in Odoo 18
byCeline George
 
PPTX
10-12-2025 Francois Staring How can Researchers and Initial Teacher Educators...
byEduSkills OECD
 
PDF
Micro Economics for class 12 and class 11
bysurajbajaj4116
 
PPTX
How to Configure Push & Pull Rule in Odoo 18 Inventory
byCeline George
 
PPTX
The Cell & Cell Cycle-detailed structure and function of organelles.pptx
byAshish Umale
 
PDF
IMANI Africa files RTI request seeking full disclosure on 2026 SIM registrati...
bynservice241
 
PPTX
3 G8_Q3_L3_ (Cartoon as Representation in Opinion Editorial Article).pptx
byNorafeSahagun
 
PPTX
AN EXTREMELY BORING GENERAL QUIZ FOR UG.pptx
bySriramG47
 
PPTX
How to Manage Package Reservation in Odoo 18 Inventory
byCeline George
 
PPTX
META-ANALYSIS INTERPRETATION, PUBLICATION BIAS AND GRADE ASSESSMENT.pptx
bySystematic Reviews Network (SRN)
 
PPTX
UNIT 1: COMMUNICATION SKILLS, BARRIERS TO COMMUNICATION, PERSPECTIVES IN COMM...
byPOOJA KARVANDE
 
PPTX
Access partner report in Odoo 18.2 _ Odoo 19
byCeline George
 
PPTX
PURPOSIVE SAMPLING IN EDUCATIONAL RESEARCH RACHITHRA RK.pptx
byssuser047b711
 
PPTX
4 G8_Q3_L4 (Evaluating opinion editorials for textual evidence and quality).pptx
byNorafeSahagun
 
PPTX
How to Create Lead_Opportunity From Odoo 18 Website
byCeline George
 
PDF
International Men's Day Event: Breaking the Silence: Embracing Vulnerability ...
byAssociation for Project Management
 
PDF
M.Sc. Nonchordates Complete Syllabus PPT | All Important Topics Covered
byKNIPSS SULTANPUR
 
PPTX
Partial Correlation of Coefficient - Values of r₁₂.₃, r₂₃.₁ & r₁₃.₂
bySundar B N
 
PPTX
PARENTAL ROUTES OF DRUGS ADMINISTRATION .pptx
byAneetaSharma15
 
Analyzing the data of your initial survey
byThelma Villaflores
 
Overview of how to Create a Model in Odoo 18
byCeline George
 
10-12-2025 Francois Staring How can Researchers and Initial Teacher Educators...
byEduSkills OECD
 
Micro Economics for class 12 and class 11
bysurajbajaj4116
 
How to Configure Push & Pull Rule in Odoo 18 Inventory
byCeline George
 
The Cell & Cell Cycle-detailed structure and function of organelles.pptx
byAshish Umale
 
IMANI Africa files RTI request seeking full disclosure on 2026 SIM registrati...
bynservice241
 
3 G8_Q3_L3_ (Cartoon as Representation in Opinion Editorial Article).pptx
byNorafeSahagun
 
AN EXTREMELY BORING GENERAL QUIZ FOR UG.pptx
bySriramG47
 
How to Manage Package Reservation in Odoo 18 Inventory
byCeline George
 
META-ANALYSIS INTERPRETATION, PUBLICATION BIAS AND GRADE ASSESSMENT.pptx
bySystematic Reviews Network (SRN)
 
UNIT 1: COMMUNICATION SKILLS, BARRIERS TO COMMUNICATION, PERSPECTIVES IN COMM...
byPOOJA KARVANDE
 
Access partner report in Odoo 18.2 _ Odoo 19
byCeline George
 
PURPOSIVE SAMPLING IN EDUCATIONAL RESEARCH RACHITHRA RK.pptx
byssuser047b711
 
4 G8_Q3_L4 (Evaluating opinion editorials for textual evidence and quality).pptx
byNorafeSahagun
 
How to Create Lead_Opportunity From Odoo 18 Website
byCeline George
 
International Men's Day Event: Breaking the Silence: Embracing Vulnerability ...
byAssociation for Project Management
 
M.Sc. Nonchordates Complete Syllabus PPT | All Important Topics Covered
byKNIPSS SULTANPUR
 
Partial Correlation of Coefficient - Values of r₁₂.₃, r₂₃.₁ & r₁₃.₂
bySundar B N
 
PARENTAL ROUTES OF DRUGS ADMINISTRATION .pptx
byAneetaSharma15
 

Situational awareness for computer network security

  • 1.
  • 2.
     What isSituational Awareness  Why situational awareness for computer network security  Traditional SA  Cyber SA  Simple scenario of cyber Attack  Factors  Instance based learning theory model(IBLT)  conclusion
  • 3.
     Situation awareness(SA) involves being aware of what is happening in the vicinity  It is also a field of study concerned with perception of the environment critical for decision- makers in complex areas from aviation, air traffic control, power plant operations, military command and control, and IT services.
  • 4.
     For securitypurpose many organizations have their own Computer Security Incident Response Teams which are responsible for ensuring, availability and integrity and confidentiality of network services. Their main key responsibility is to maintain situational awareness over thousands of network objects and events .  In short situational awareness is the prevention from threats and future crimes in the field of computer network security
  • 5.
    Normally situational awarenessinvolves predictions related to time, space references and object. For describing Traditional situational awareness we can take the example of aircraft pilot, from his point of view, he should take care of aircraft status, speed, direction ,position(long, lat),the location of other aircraft, friends, enemies, surrounding landing sites and the mission
  • 6.
    when we talkabout cyber situational awareness so one should aware from status and the topology of IT infrastructure which is complex to handle. Network component are usually located using reference in logical architecture.
  • 7.
    The cyber infrastructuretypically consists of web server and fileserver that are protected by two firewall in demilitarized zone (DMZ), where DMZ separates the external network (internet) and company’s internal network(LAN). The web server involves with customer interactions on a company’s website while the fileserver is a repository for many workstations that are internal to the company and that allow company employees to do their daily operations . The firewall 1 controls the traffic between DMZ and the internet Firewall 2 allows a Network File System (NFS) protocol access between the fileserver and web server
  • 9.
     In thiscyber infrastructure mostly attackers follows a sequence of “Island Hopping Attack” where the web server is compromised first, and then the web server is used to originate attacks on the fileserver (through venerability in the NFS protocol) and other company workstations  In this simple scenario, a security analyst is exposed to a sequence of 25 network events (consisting of both threat and non-threat events), whose nature is not precisely defined to a security analyst  He is also able to observe alerts that correspond to some network events using an intrusion detection system (IDS) (Jajodia et al., 2010). The IDS raises an alert for suspicious file executions or suspicious packet transmission events that is generated on the corporate network
  • 10.
    The knowledge levelof the analyst in terms of the mix of threat and non-threat experiences stored in analyst’s memory.  The analyst’s risk-tolerance level, i.e., the willingness of an analyst to classify a sequence of events as a cyber-attack.  The analyst’s similarity model, i.e., the process that the analyst uses to compare network events with prior experiences that are stored in his memory
  • 11.
    IBLT is atheory of how people make decisions from experience in complex environments IBLT proposes that people represent every decision making situation as instances that are stored in memory IBLT composed of three part :Situation(S),Decision(D),and Utility(U)
  • 12.
    The IBL modelof the security analyst can be implemented by using Matlab software
  • 13.
    Due to thegrowing threat to our cyber infrastructure and the heightened need to implement cyber security, it becomes important to evaluate the cyber situation awareness (cyber-SA) of security analysts in different cyber-attack scenarios. In this research, I suggest a memory-based account, based upon instance-based learning theory, of the decisions of a security analyst who is put in a popular cyber-attack scenario of an island-hopping attack
  • 14.