Cyber Situation Awareness

Cyber networks have evolved into a ubiquitous infrastructure, and the Internet has become a mission-critical asset for the DoD and its partners. To assure the availability of these large-scale networks and their resources, it is necessary to maintain situation awareness of the current status of the networks during 24/7 operations. Achieving these goals requires technologies and tools that assess the impact of observed attacks and predict potential future steps of the adversary based on incomplete information. It is also necessary to have techniques that help security officers understand the impact of countermeasures taken in response to threats. In particular, security officers must not be overwhelmed by information, so that they can make effective decisions even in high-stress situations.

A Cyber Awareness Framework for Attack Analysis, Prediction, and Visualization

This research aims to develop novel situation awareness theories and techniques that provide an accurate view of the available cyber-assets and automatically determine the assets required to carry out each mission task.

People involved: Joao Hespanha, Tobias Hollerer, Christopher Kruegel, Vern Paxson, Jeff S. Shamma, Giovanni Vigna, Richard Kemmerer