Architecture for the Cyber Security Situational Awareness System

  • Conference paper
Internet of Things, Smart Spaces, and Next Generation Networks and Systems (ruSMART 2016, NEW2AN 2016)

Abstract

Networked software systems play a remarkable and critical role in modern society, and there are critical software systems in every business area. At the same time, the number of cyber-attacks against those critical networked software systems has increased considerably. Because of that, cyber security situational awareness of an organization's own assets plays an important role in business continuity: the organization should know the current status of its cyber security infrastructure and own assets, and what that status will be in the near future. Achieving such cyber security situational awareness requires a Cyber Security Situational Awareness System. This study presents a novel architecture for the Cyber Security Situational Awareness System. The study also presents a use case of the threat mitigation process for such a system.

Acknowledgment

This work was funded by the Regional Council of Central Finland/Council of Tampere Region and European Regional Development Fund/Leverage from the EU 2014–2020 as part of the JYVSECTEC Center project of JAMK University of Applied Sciences Institute of Information Technology.

Corresponding author

Correspondence to Tero Kokkonen.

Copyright information

© 2016 Springer International Publishing AG

About this paper

Cite this paper

Kokkonen, T. (2016). Architecture for the Cyber Security Situational Awareness System. In: Galinina, O., Balandin, S., Koucheryavy, Y. (eds) Internet of Things, Smart Spaces, and Next Generation Networks and Systems. ruSMART 2016, NEW2AN 2016. Lecture Notes in Computer Science, vol 9870. Springer, Cham. https://doi.org/10.1007/978-3-319-46301-8_24

  • DOI: https://doi.org/10.1007/978-3-319-46301-8_24

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-46300-1

  • Online ISBN: 978-3-319-46301-8

  • eBook Packages: Computer Science (R0)