Experience-based cyber situation recognition using relaxable logic patterns

Po Chun Chen, Peng Liu, John Yen, Tracy Mullen

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

13 Citations (Scopus)

Abstract

Cyber situation awareness is a growingly important issue as the world becomes more and more connected. Unfortunately, the amount of data produced by existing intrusion detection tools usually significantly exceeds the cognition throughput of a human analyst. In attempting to align a huge amount of information and the limited human cognitive load, we developed a systematic approach to leverage experiences of security analysts to enhance cyber situation recognition. We used a logic-based approach to efficiently capture and utilize experts' experience, which can be categorized as a kind of knowledge-based intrusion detection. However, knowledge-based intrusion detection relies on the establishment of a knowledge base created from cyber attack signatures, but building a comprehensive knowledge base that covers all variations of attacks is impractical under large-scale networks since knowledge engineering can be a time-consuming process. Therefore, how to effectively leverage a limited number of human experiences became the second focus of our research. In this paper, we presented the logic-based approach under an experience-driven framework, followed by the concept of experience relaxation for mitigating the limitation of knowledge-based intrusion detection. Our experimental results showed a significant improvement in the knowledge base coverage by applying experience relaxation.

Original language: English (US)
Title of host publication: 2012 IEEE International Multi-Disciplinary Conference on Cognitive Methods in Situation Awareness and Decision Support, CogSIMA 2012
Pages: 243-250
Number of pages: 8
DOIs: https://doi.org/10.1109/CogSIMA.2012.6188392
State: Published - May 22 2012
Event: 2012 IEEE International Multi-Disciplinary Conference on Cognitive Methods in Situation Awareness and Decision Support, CogSIMA 2012 - New Orleans, LA, United States
Duration: Mar 6 2012 → Mar 8 2012

Other

Other: 2012 IEEE International Multi-Disciplinary Conference on Cognitive Methods in Situation Awareness and Decision Support, CogSIMA 2012
Country: United States
City: New Orleans, LA
Period: 3/6/12 → 3/8/12

Fingerprint

Logic
Intrusion detection
Knowledge base
Knowledge-based
Attack
Leverage
Analysts
Security analysts
Cognitive load
Cognition
Knowledge engineering
Throughput

All Science Journal Classification (ASJC) codes

  • Information Systems and Management

Cite this

Chen, P. C., Liu, P., Yen, J., & Mullen, T. (2012). Experience-based cyber situation recognition using relaxable logic patterns. In 2012 IEEE International Multi-Disciplinary Conference on Cognitive Methods in Situation Awareness and Decision Support, CogSIMA 2012 (pp. 243-250). [6188392] https://doi.org/10.1109/CogSIMA.2012.6188392
@inproceedings{450bb02ddcf643819fb1d78e586822ad,
title = "Experience-based cyber situation recognition using relaxable logic patterns",
author = "Chen, {Po Chun} and Peng Liu and John Yen and Tracy Mullen",
year = "2012",
month = "5",
day = "22",
doi = "10.1109/CogSIMA.2012.6188392",
language = "English (US)",
isbn = "9781467303453",
pages = "243--250",
booktitle = "2012 IEEE International Multi-Disciplinary Conference on Cognitive Methods in Situation Awareness and Decision Support, CogSIMA 2012",

}

TY - GEN

T1 - Experience-based cyber situation recognition using relaxable logic patterns

AU - Chen, Po Chun

AU - Liu, Peng

AU - Yen, John

AU - Mullen, Tracy

PY - 2012/5/22

Y1 - 2012/5/22

UR - http://www.scopus.com/inward/record.url?scp=84861164856&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84861164856&partnerID=8YFLogxK

U2 - 10.1109/CogSIMA.2012.6188392

DO - 10.1109/CogSIMA.2012.6188392

M3 - Conference contribution

AN - SCOPUS:84861164856

SN - 9781467303453

SP - 243

EP - 250

BT - 2012 IEEE International Multi-Disciplinary Conference on Cognitive Methods in Situation Awareness and Decision Support, CogSIMA 2012

ER -
