Significant research accomplishments already made


MURI: Computer-aided Human Centric Cyber Situation Awareness
Peng Liu
Professor & Director, The LIONS Center
Pennsylvania State University
ARO Cyber Situation Awareness MURI

[Figure: project diagram. Component labels: Real World; Computer network; Testbed; Security Analysts; Data Conditioning; Association & Correlation; Information Aggregation & Fusion; Automated Reasoning Tools; Cognitive Models & Decision Aids; Multi-Sensory Human Computer Interaction. Bulleted items: Simulation; Measures of SA & Shared SA; R-CAST; Plan-based narratives; Graphical models; Uncertainty analysis; Transaction Graph methods; Damage assessment; Instance Based Learning Models; Enterprise Model; Activity Logs; IDS reports; Vulnerabilities.]

Publications
• Year 4
– 13 journals
– 24 conferences
– 3 book chapters
– 9 presentations
• Year 3
– 40 papers
– One journal special issue on Cyber SA
– 13 presentations
Y1 to Y4 accumulation: around 140 papers

Students
• Year 4
– 18 graduate students
– 5 post-docs
– 4 earned a PhD degree
– 2 earned an MS degree
• Year 3
– 17 graduate students
– 8 post-docs
– 4 earned a PhD degree

Awards
• CogSIMA 2012 Best Paper Award
• Best Paper Award, SECRYPT 2013, “An Efficient Approach to Assessing the Risk of Zero-Day Vulnerabilities” by M. Albanese, S. Jajodia, A. Singhal, and L. Wang.
• HFES 2013 Alphonse Chapanis Award for best student paper, Prashanth Rajivan
• Sushil Jajodia, IEEE Fellow, January 2013.
• VAST Challenge 2013 Honorable Mention, by C. Zhong, M. Zhao, J. Xu, and G. Xiao
• Grace Hopper Scholarship 2013: Chen Zhong

Tech Transfer
• Deep collaboration with ARL
– ARSCA tool is now being used at ARL to understand the reasoning processes (RPs) of security analysts
– Adapting ARSCA to directly operate on ARL datasets
– Weekly teleconferences: joint research team
• DoD STTR that involves a higher fidelity version of CyberCog, DEXTAR, in which we will integrate CAULDRON
• DoD SBIR 12.3 Phase I OSD12-IA5 project “An Integrated Threat feed Aggregation, Analysis, and Visualization (TAAV) Tool for Cyber Situational Awareness,” funded, led by Intelligent Automation, Inc. (IAI).

Tech Transfer (cont’d)
• The source code for NSDMiner is now released through SourceForge at http://sourceforge.net/projects/nsdminer/. There have been 63 downloads to date.
• Briefings to Deloitte, Lockheed Martin, Raytheon Corporation, MITRE, Computer Sciences Corporation, and MIT Lincoln Laboratory.
• Briefings to NSA, DTRA, ONR, DHS, and DoDII.

Year 5 Plan: Technology Transitions (1)
Partner: AFRL – Human Effectiveness Directorate, 711th Human Performance Wing, Wright-Patterson AFB, OH
Contact: Benjamin Knott and Vince Mancuso
Opportunity: Human performance and measurement of cognition

Partners: Deloitte, Ernst and Young, KPMG, Price Waterhouse Coopers
Contacts: J.B. O’Kane (Vigilant by Deloitte), Jenna McAuley (EY-ASC) and others
Opportunity: Observe practicing analysts, test visualization toolkits and fusion tools, measure human cognition and performance

Partner: MIT Lincoln Laboratories, Cyber Security Information Sciences Division
Contact: Stephen Rejto and Tony Pensa
Opportunity: Conduct human-in-the-loop experiments; evaluate MIT-LL/PSU analyst tools

Partner: ARL (Tactical Information Analysis)
Contact: Tim Hanratty
Opportunity: Transition knowledge elicitation and visualization toolkits to the demonstration lab at ARL Aberdeen

Partner: ARL – Adelphi, MD
Contact: Hasan Cam
Opportunity: Applied research in risk and resilience in cyber security

Year 5 Plan: Tech Transitions (2)
Partner: ARL (Network division)
Contact: Bill Glodek, Rob Erbacher, Steve Hutchinson, Hasan Cam, Renee Etoty
Opportunity: Tracing and analyzing the reasoning processes of security analysts

Partners: Sandia Research, Inc.
Contacts: Cooke
Opportunity: DoD STTR: A higher fidelity version of CyberCog/DEXTAR/CAULDRON

Partner: Intelligent Automation, Inc. (Network and Security Division)
Contact: Jason Li
Opportunity: DoD SBIR: Integrated Threat feed Aggregation, Analysis, and Visualization (TAAV) Tool for Cyber Situational Awareness

Partner: NIST
Contact: A. Singhal
Opportunity: Cloud-wide vulnerability analysis

Partner: NEC Labs America, Inc.
Contact: Z. Qian, Z. Li
Opportunity: Whole enterprise system-call-level security intelligence