Abstract
Although many building blocks of today’s cyber-defense solutions are already fully automatic, there is still a debate on whether next-generation cyber-defense solutions should be wholly autonomous. In this paper, we contribute to the debate in the context of Cybersecurity Operations Centers (CSOCs), which have been widely established in prominent companies and organizations to achieve cyber situational awareness. Based on the lessons we learned from a recent case study on making CSOC data triage operations more autonomous, we conclude that instead of asking whether cyber operations can be made autonomous or not, it seems more appropriate to ask the following questions: (a) How to make cyber operations more autonomous? (b) What is the right research roadmap for making cyber operations more autonomous? We also comment on what should be the current frontier in building a significantly better CSOC.
Acknowledgement
This work was supported by ARO W911NF-15-1-0576 and ARO W911NF-13-1-0421 (MURI).
© 2020 Springer Nature Switzerland AG
Zhong, C., Yen, J., Liu, P. (2020). Can Cyber Operations Be Made Autonomous? An Answer from the Situational Awareness Viewpoint. In: Jajodia, S., Cybenko, G., Subrahmanian, V., Swarup, V., Wang, C., Wellman, M. (eds) Adaptive Autonomous Secure Cyber Systems. Springer, Cham. https://doi.org/10.1007/978-3-030-33432-1_4
DOI: https://doi.org/10.1007/978-3-030-33432-1_4
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-33431-4
Online ISBN: 978-3-030-33432-1
eBook Packages: Computer Science (R0)