SoK: Contemporary Issues and Challenges to Enable Cyber
Situational Awareness for Network Security

D 2020

SoK: Contemporary Issues and Challenges to Enable Cyber Situational Awareness for Network Security

HUSÁK, Martin; Tomáš JIRSÍK and Shanchieh Jay YANG

Basic information

Original name

SoK: Contemporary Issues and Challenges to Enable Cyber Situational Awareness for Network Security

Authors

HUSÁK, Martin ; Tomáš JIRSÍK and Shanchieh Jay YANG

Edition

New York, NY, United States, Proceedings of the 15th International Conference on Availability, Reliability and Security, p. 1-10, 10 pp. 2020

Publisher

Association for Computing Machinery

Other information

Language

English

Type of outcome

Proceedings paper

Field of Study

10200 1.2 Computer and information sciences

Country of publisher

United States of America

Confidentiality degree

is not subject to a state or trade secret

Publication form

electronic version available online

References:

URL

Marked to be transferred to RIV

Yes

RIV identification code

RIV/00216224:14610/20:00115826

Organization unit

Institute of Computer Science

ISBN

978-1-4503-8833-7

DOI

https://doi.org/10.1145/3407023.3407062

EID Scopus

2-s2.0-85117540753

Keywords in English

Cyber situational awareness;network security;taxonomy

Abstract

In the original language

Cyber situational awareness is an essential part of cyber defense that allows the cybersecurity operators to cope with the complexity of today's networks and threat landscape. Perceiving and comprehending the situation allow the operator to project upcoming events and make strategic decisions. In this paper, we recapitulate the fundamentals of cyber situational awareness and highlight its unique characteristics in comparison to generic situational awareness known from other fields. Subsequently, we provide an overview of existing research and trends in publishing on the topic, introduce front research groups, and highlight the impact of cyber situational awareness research. Further, we propose an updated taxonomy and enumeration of the components used for achieving cyber situational awareness. The updated taxonomy conforms to the widely-accepted three-level definition of cyber situational awareness and newly includes the projection level. Finally, we identify and discuss contemporary research and operational challenges, such as the need to cope with rising volume, velocity, and variety of cybersecurity data and the need to provide cybersecurity operators with the right data at the right time and increase their value through visualization.

Links

EF16_019/0000822, research and development project

Name: Centrum excelence pro kyberkriminalitu, kyberbezpečnost a ochranu kritických informačních infrastruktur

Files attached

2020-ARES-SoK-cyber-situational-awareness-video.mp4

2020-ARES-SoK-cyber-situational-awareness-paper.pdf File version

2020-ARES-SoK-cyber-situational-awareness-slides.pdf

Cite

HUSÁK, Martin; Tomáš JIRSÍK and Shanchieh Jay YANG. SoK: Contemporary Issues and Challenges to Enable Cyber Situational Awareness for Network Security. Online. In Proceedings of the 15th International Conference on Availability, Reliability and Security. New York, NY, United States: Association for Computing Machinery, 2020, p. 1-10. ISBN 978-1-4503-8833-7. Available from: https://doi.org/10.1145/3407023.3407062.

@inproceedings{1663145,
   author = {Husák, Martin and Jirsík, Tomáš and Yang, Shanchieh Jay},
   address = {New York, NY, United States},
   booktitle = {Proceedings of the 15th International Conference on Availability, Reliability and Security},
   doi = {https://doi.org/10.1145/3407023.3407062},
   keywords = {Cyber situational awareness;network security;taxonomy},
   howpublished = {elektronická verze "online"},
   language = {eng},
   location = {New York, NY, United States},
   isbn = {978-1-4503-8833-7},
   pages = {1-10},
   publisher = {Association for Computing Machinery},
   title = {SoK: Contemporary Issues and Challenges to Enable Cyber Situational Awareness for Network Security},
   url = {https://dl.acm.org/doi/abs/10.1145/3407023.3407062},
   year = {2020}
}

TY  - CONF
ID  - 1663145
AU  - Husák, Martin - Jirsík, Tomáš - Yang, Shanchieh Jay
PY  - 2020
TI  - SoK: Contemporary Issues and Challenges to Enable Cyber Situational Awareness for Network Security
PB  - Association for Computing Machinery
CY  - New York, NY, United States
SN  - 9781450388337
KW  - Cyber situational awareness;network security;taxonomy
UR  - https://dl.acm.org/doi/abs/10.1145/3407023.3407062
N2  - Cyber situational awareness is an essential part of cyber defense that allows the cybersecurity operators to cope with the complexity of today's networks and threat landscape. Perceiving and comprehending the situation allow the operator to project upcoming events and make strategic decisions. In this paper, we recapitulate the fundamentals of cyber situational awareness and highlight its unique characteristics in comparison to generic situational awareness known from other fields. Subsequently, we provide an overview of existing research and trends in publishing on the topic, introduce front research groups, and highlight the impact of cyber situational awareness research. Further, we propose an updated taxonomy and enumeration of the components used for achieving cyber situational awareness. The updated taxonomy conforms to the widely-accepted three-level definition of cyber situational awareness and newly includes the projection level. Finally, we identify and discuss contemporary research and operational challenges, such as the need to cope with rising volume, velocity, and variety of cybersecurity data and the need to provide cybersecurity operators with the right data at the right time and increase their value through visualization.
ER  -

HUSÁK, Martin; Tomáš JIRSÍK and Shanchieh Jay YANG. SoK: Contemporary Issues and Challenges to Enable Cyber Situational Awareness for Network Security. Online. In \textit{Proceedings of the 15th International Conference on Availability, Reliability and Security}. New York, NY, United States: Association for Computing Machinery, 2020, p.~1-10. ISBN~978-1-4503-8833-7. Available from: https://doi.org/10.1145/3407023.3407062.

Přehled o publikaci