MURI: Computer-aided Human Centric Cyber Situation
Awareness
Peng Liu, Professor & Director, The LIONS Center, Pennsylvania State University
ARO Cyber Situation Awareness MURI
[Architecture diagram: Security Analysts interact with the Computer network through Multi-Sensory Human Computer Interaction. Diagram components and their labels:]
• Inputs: Enterprise Model, Activity Logs, IDS reports, Vulnerabilities
• Cognitive Models & Decision Aids: Instance Based Learning Models, Simulation, Measures of SA & Shared SA
• Data Conditioning, Association & Correlation
• Automated Reasoning Tools: R-CAST, Plan-based narratives, Graphical models, Uncertainty analysis
• Information Aggregation & Fusion: Transaction Graph methods, Damage assessment
• Real World Test-bed
Publications
• Year 4: 13 journals, 24 conferences, 3 book chapters, 9 presentations
• Year 3: 40 papers, one journal special issue on Cyber SA, 13 presentations
Y1 to Y4 accumulation: around 140 papers
Students
• Year 4: 18 graduate students, 5 post-docs, 4 earned a PhD degree, 2 earned a MS degree
• Year 3: 17 graduate students, 8 post-docs, 4 earned a PhD degree
Awards
• CogSIMA 2012 Best Paper Award
• Best Paper Award, SECRYPT 2013, “An Efficient Approach to Assessing the Risk of Zero-Day Vulnerabilities” by M. Albanese, S. Jajodia, A. Singhal, and L. Wang
• HFES 2013 Alphonse Chapanis Award for best student paper, Prashanth Rajivan
• Sushil Jajodia, IEEE Fellow, January 2013
• VAST Challenge 2013 Honorable Mention, by C. Zhong, M. Zhao, J. Xu, and G. Xiao
• Grace Hopper Scholarship 2013: Chen Zhong
Tech Transfer
Deep collaboration with ARL:
• The ARSCA tool is now being used at ARL to understand the reasoning processes (RPs) of security analysts
• Adapting ARSCA to directly operate on ARL datasets
• Weekly teleconferences: joint research team
DoD STTR that involves a higher fidelity version of CyberCog, DEXTAR, in which we will integrate CAULDRON
DoD SBIR 12.3 Phase I OSD12-IA5 project “An Integrated Threat feed Aggregation, Analysis, and Visualization (TAAV) Tool for Cyber Situational Awareness,” funded, led by Intelligent Automation, Inc. (IAI).
Tech Transfer (cont’d)
The source code for NSDMiner is now released through SourceForge at http://sourceforge.net/projects/nsdminer/. There have been 63 downloads to date.
Briefings to Deloitte, Lockheed Martin, Raytheon Corporation, MITRE, Computer Sciences Corporation, and MIT Lincoln Laboratory.
Briefings to NSA, DTRA, ONR, DHS, and DoDII.
Year 5 Plan: Technology Transitions (1)
Partner: AFRL – Human Effectiveness Directorate, 711th Human Performance Wing, Wright-Patterson AFB, OH
Contact: Benjamin Knott and Vince Mancuso
Opportunity: Human performance and measurement of cognition

Partners: Deloitte, Ernst and Young, KPMG, Price Waterhouse Coopers
Contacts: J.B. O’Kane (Vigilant by Deloitte), Jenna McAuley (EY-ASC) and others
Opportunity: Observe practicing analysts, test visualization toolkits and fusion tools, measure human cognition and performance

Partner: MIT Lincoln Laboratories, Cyber Security Information Sciences Division
Contact: Stephen Rejto and Tony Pensa
Opportunity: Conduct human-in-the-loop experiments; evaluate MIT-LL/PSU analyst tools

Partner: ARL (Tactical Information Analysis)
Contact: Tim Hanratty
Opportunity: Transition knowledge elicitation and visualization toolkits to the demonstration lab at ARL Aberdeen

Partner: ARL – Adelphi, MD
Contact: Hasan Cam
Opportunity: Applied research in risk and resilience in cyber security
Year 5 Plan: Tech Transitions (2)
Partner: ARL (Network division)
Contact: Bill Glodek, Rob Erbacher, Steve Hutchinson, Hasan Cam, Renee Etoty
Opportunity: Tracing and analyzing the reasoning processes of security analysts

Partners: Sandia Research, Inc.
Contacts: Cooke
Opportunity: DoD STTR: A higher fidelity version of CyberCog/DEXTAR/CAULDRON

Partner: Intelligent Automation, Inc. (Network and Security Division)
Contact: Jason Li
Opportunity: DoD SBIR: Integrated Threat feed Aggregation, Analysis, and Visualization (TAAV) Tool for Cyber Situational Awareness

Partner: NIST
Contact: A. Singhal
Opportunity: Cloud-wide vulnerability analysis

Partner: NEC Labs America, Inc.
Contact: Z. Qian, Z. Li
Opportunity: Whole enterprise system-call-level security intelligence