Experience-based cyber situation recognition using relaxable logic patterns

Po Chun Chen, Peng Liu, John Yen, Tracy Mullen

Research output: Chapter in Book/Report/Conference proceedingConference contribution

13 Scopus citations

Abstract

Cyber situation awareness is a growingly important issue as the world becomes more and more connected. Unfortunately, the amount of data produced by existing intrusion detection tools usually significantly exceeds the cognition throughput of a human analyst. In attempting to align a huge amount of information and the limited human cognitive load, we developed a systematic approach to leverage experiences of security analysts to enhance cyber situation recognition. We used a logic-based approach to efficiently capture and utilize experts' experience, which can be categorized as kind of knowledge-based intrusion detection. However, knowledge-based intrusion detection relies on the establishment of a knowledge base created from cyber attack signatures, but building a comprehensive knowledge base that covers all variations of attacks is impractical under large-scale networks since knowledge engineering can be a time-consuming process. Therefore, how to effectively leverage limited number of human experience became the second focus of our research. In this paper, we presented the logic-based approach under an experience-driven framework, followed by the concept of experience relaxation for mitigating the limitation of knowledge-based intrusion detection. Our experimental results showed a significant improvement in the knowledge base coverage by applying experience relaxation.

Original languageEnglish (US)
Title of host publication2012 IEEE International Multi-Disciplinary Conference on Cognitive Methods in Situation Awareness and Decision Support, CogSIMA 2012
Pages243-250
Number of pages8
DOIs
StatePublished - May 22 2012
Event2012 IEEE International Multi-Disciplinary Conference on Cognitive Methods in Situation Awareness and Decision Support, CogSIMA 2012 - New Orleans, LA, United States
Duration: Mar 6 2012Mar 8 2012

Publication series

Name2012 IEEE International Multi-Disciplinary Conference on Cognitive Methods in Situation Awareness and Decision Support, CogSIMA 2012

Other

Other2012 IEEE International Multi-Disciplinary Conference on Cognitive Methods in Situation Awareness and Decision Support, CogSIMA 2012
CountryUnited States
CityNew Orleans, LA
Period3/6/123/8/12

All Science Journal Classification (ASJC) codes

  • Information Systems and Management

Fingerprint Dive into the research topics of 'Experience-based cyber situation recognition using relaxable logic patterns'. Together they form a unique fingerprint.

  • Cite this

    Chen, P. C., Liu, P., Yen, J., & Mullen, T. (2012). Experience-based cyber situation recognition using relaxable logic patterns. In 2012 IEEE International Multi-Disciplinary Conference on Cognitive Methods in Situation Awareness and Decision Support, CogSIMA 2012 (pp. 243-250). [6188392] (2012 IEEE International Multi-Disciplinary Conference on Cognitive Methods in Situation Awareness and Decision Support, CogSIMA 2012). https://doi.org/10.1109/CogSIMA.2012.6188392