An Expert System for Facilitating an Institutional Risk Profile Definition for Cyber Situational Awareness

Roman Graf, Sergiu Gordea, Heather M. Ryan, Tibaut Houzanme

2016

Abstract

Advances in cyber situational awareness technology lead to the creation of increasingly complex tools. Human analysts face challenges finding relevant information in large, complex data sets when exploring data to discover patterns and insights. To be effective in identifying and defeating future cyber-attacks, cyber analysts require novel tools and models that can fill the gap between cyber data and situation comprehension. The research presented here is designed to develop a system that will warn a cyber analyst of file format endangerment that could impact cyber situational awareness. The expert system statistically determines an institutional risk profile based on collected expert knowledge in the form of risk profiles calculated by means of risk factors. The institutional risk profile indicates risks that could endanger digital content employed in analysis of cyber situational awareness. Based on the institutional risk profile, a cyber analyst can implement measures for stabilising and securing situational awareness. Each institution may have multiple risk profile definitions dependent on network, critical infrastructure, and the role of the cyber analyst. Another contribution relates to the provided support for visualisation and analysis of risk factors for individual dimensions. To facilitate decision-making, the aggregated information about the risk factors is presented as a multidimensional vector.



Paper Citation


in Harvard Style

Graf R., Gordea S., Ryan H. and Houzanme T. (2016). An Expert System for Facilitating an Institutional Risk Profile Definition for Cyber Situational Awareness. In Proceedings of the 2nd International Conference on Information Systems Security and Privacy - Volume 1: ICISSP, ISBN 978-989-758-167-0, pages 347-354. DOI: 10.5220/0005738303470354


in Bibtex Style

@conference{icissp16,
author={Roman Graf and Sergiu Gordea and Heather M. Ryan and Tibaut Houzanme},
title={An Expert System for Facilitating an Institutional Risk Profile Definition for Cyber Situational Awareness},
booktitle={Proceedings of the 2nd International Conference on Information Systems Security and Privacy - Volume 1: ICISSP},
year={2016},
pages={347-354},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0005738303470354},
isbn={978-989-758-167-0},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 2nd International Conference on Information Systems Security and Privacy - Volume 1: ICISSP
TI - An Expert System for Facilitating an Institutional Risk Profile Definition for Cyber Situational Awareness
SN - 978-989-758-167-0
AU - Graf R.
AU - Gordea S.
AU - Ryan H.
AU - Houzanme T.
PY - 2016
SP - 347
EP - 354
DO - 10.5220/0005738303470354