Kinetic and Cyber
We compare and contrast situation awareness in cyber warfare and in conventional, kinetic warfare. Situation awareness (SA) has a far longer history of study and application in areas such as the control of complex enterprises and conventional warfare than in cyber warfare. Far more is known about SA in conventional military conflicts, or adversarial engagements, than in cyber ones. By exploring what is known about SA in conventional (commonly referred to as kinetic) battles, we may gain insights and research directions relevant to cyber conflicts. We discuss the nature of SA in kinetic conflict, review what is known about this kinetic SA (KSA), and then offer a comparison with what is currently understood regarding cyber SA (CSA). We find that the challenges and opportunities of KSA and CSA are similar, or at least parallel, in several important ways. With respect to similarities, in both the kinetic and cyber worlds SA strongly affects the outcome of the mission; likewise, cognitive biases are found in both KSA and CSA. As an example of a difference, KSA often relies on a commonly accepted, widely used organizing representation: the map of the physical terrain of the battlefield. No such common representation has yet emerged in CSA.

Comment: A version of this paper appeared as a book chapter in Cyber Defense and Situational Awareness, Springer, 2014. Prepared by US Government employees in their official duties; approved for public release, distribution unlimited. Cyber Defense and Situational Awareness. Springer International Publishing, 2014. 29-4
TOWARDS A BRIGHT FUTURE: ENHANCING DIFFUSION OF CONTINUOUS CLOUD SERVICE AUDITING BY THIRD PARTIES
Using cloud services empowers organizations to achieve various financial and technical benefits. Nonetheless, customers face a lack of control, since they cede control over their IT resources to the cloud providers. Independent third-party assessments have been recommended as a good means to counteract this lack of control. However, current third-party assessments fail to cope with an ever-changing cloud computing environment. We argue that continuous auditing by third parties (CATP) is required to assure continuously reliable and secure cloud services. Yet continuous auditing has been applied mostly for internal purposes, and adoption of CATP remains lagging. Therefore, we examine the adoption process of CATP by building on the lens of diffusion of innovations theory, conducting a scientific database search, and interviewing cloud service experts. Our findings reveal that relative advantage and a high degree of compatibility and observability of CATP would strongly enhance adoption, while high complexity and limited trialability might hamper diffusion. We contribute to practice and research by advancing the understanding of the CATP adoption process through a synthesis of the relevant attributes that influence the adoption rate. More importantly, we provide recommendations on how to enhance the adoption process.
Security Analytics: Using Deep Learning to Detect Cyber Attacks
Security attacks are becoming more prevalent as cyber attackers exploit system vulnerabilities for financial gain. The resulting loss of revenue and reputation can have deleterious effects on governments and businesses alike. Signature recognition and anomaly detection are the most common security detection techniques in use today. These techniques provide a strong defense; however, they fall short of detecting complicated or sophisticated attacks. Recent literature suggests using security analytics to differentiate between normal and malicious user activities.

The goal of this research is to develop a repeatable process for detecting cyber attacks that is fast, accurate, comprehensive, and scalable. A model was developed and evaluated using several production log files provided by the University of North Florida Information Technology Security department. This model uses security analytics to complement existing security controls, detecting suspicious user activity in real time by applying machine learning algorithms to multiple heterogeneous server-side log files. The process is linearly scalable and comprehensive; as such, it can be applied to any enterprise environment. The process is composed of three steps. The first step is data collection and transformation, which involves identifying the source log files and selecting a feature set from those files. The resulting feature set is then transformed into a time series dataset using a sliding time window representation. Each instance of the dataset is labeled as green, yellow, or red using three different unsupervised learning methods, one of which is Partitioning Around Medoids (PAM). The final step uses deep learning to train and evaluate the model that will be used to detect abnormal or suspicious activities. Experiments using datasets of varying sizes and time granularities resulted in very high accuracy and performance. The time required to train and test the model was surprisingly short, even for large datasets. This is the first research paper that develops a model to detect cyber attacks using security analytics; hence this research builds a foundation on which future research in this subject area can expand.