Published: 2016-07-11
Title: Liberate Cybersecurity Analysts: Tracing Their Cognitive Processes to Facilitate Data Triage
Speaker: Chen Zhong (Pennsylvania State University)
Time: Tuesday, July 12, 2016, 2:00-3:00 PM
Venue: Room 3212, Building 3, Institute of Information Engineering, Chinese Academy of Sciences
Abstract:
Security Operations Centers (SOCs) not only employ various cyber defense technologies to continually monitor and control network traffic, but also rely heavily on cybersecurity analysts to make sense of the network monitoring data for attack detection and incident response. Because network monitoring data are usually generated at a rapid rate and contain a lot of noise, analysts are so bogged down in tedious and repetitive data triage tasks that they can hardly concentrate on the in-depth analysis needed to produce timely, high-quality incident reports. These difficulties result in a great disparity in force between overwhelmed cybersecurity analysts and inspired attackers. There is therefore an urgent need to liberate cybersecurity analysts from tedious data analytics so that they can focus on higher-level cyber situational awareness. Our work aims to reduce analysts' workloads by leveraging their previous cognitive processes in data triage. We proposed an operation tracing method and captured the traces of analysts' cognitive processes during data triage in an experiment. To utilize the captured traces, we developed an automated trace analysis method for constructing data triage rules from them. The rules are further used to build finite state machines for automated data triage. We evaluated the automated data triage systems constructed from the traces by applying them to a large dataset and comparing the data triage results with the ground truth.
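The trace-to-rules-to-FSM pipeline the abstract describes, reduced to a runnable sketch: an analyst's recorded filter steps become an ordered rule, the rule runs as a finite state machine over flow records keyed by source host, and the flagged hosts are scored against ground truth. This is an added example, not code from the talk or its authors; the trace, the flow records, the "src" key and the "_gt" suffix convention are constructed assumptions.

```python
from collections import defaultdict

# Constructed analyst trace (not from the talk): the ordered filter steps the
# analyst applied while triaging. Each step is a set of field conditions; a
# suffix "_gt" means "greater than". Steps are linked per source host ("src").
ANALYST_TRACE = [
    {"dst_port": 22, "action": "deny"},            # 1: blocked SSH attempt
    {"dst_port": 22, "action": "allow"},           # 2: later SSH login allowed
    {"dst_port": 443, "bytes_out_gt": 1_000_000},  # 3: large outbound transfer
]

def step_matches(step, event):
    """True if the event satisfies every condition of one trace step."""
    for field, value in step.items():
        if field.endswith("_gt"):
            if not event.get(field[:-3], 0) > value:
                return False
        elif event.get(field) != value:
            return False
    return True

def fsm_triage(events, trace, key="src"):
    """Run the trace-derived rule as an FSM: state i for a host means steps
    0..i-1 matched in order; reaching the final state flags the host."""
    state = defaultdict(int)
    flagged = set()
    for ev in events:
        k, s = ev[key], state[ev[key]]
        if s < len(trace) and step_matches(trace[s], ev):
            state[k] = s + 1
            if state[k] == len(trace):
                flagged.add(k)
    return flagged

def evaluate(flagged, ground_truth):
    """Precision and recall of automated triage against labelled hosts."""
    tp = len(flagged & ground_truth)
    precision = tp / len(flagged) if flagged else 0.0
    recall = tp / len(ground_truth) if ground_truth else 0.0
    return precision, recall

# Constructed flow records and ground truth (not real traffic).
EVENTS = [
    {"src": "10.0.0.5", "dst_port": 22, "action": "deny", "bytes_out": 0},
    {"src": "10.0.0.9", "dst_port": 22, "action": "allow", "bytes_out": 3000},
    {"src": "10.0.0.5", "dst_port": 22, "action": "allow", "bytes_out": 4000},
    {"src": "10.0.0.9", "dst_port": 443, "action": "allow", "bytes_out": 5_000_000},
    {"src": "10.0.0.5", "dst_port": 443, "action": "allow", "bytes_out": 2_500_000},
    {"src": "10.0.0.7", "dst_port": 22, "action": "deny", "bytes_out": 0},
]
GROUND_TRUTH = {"10.0.0.5", "10.0.0.7"}
```

With this data the FSM flags only 10.0.0.5 (10.0.0.9 never passes the first step, 10.0.0.7 stalls after it), giving precision 1.0 and recall 0.5, which is exactly the ground-truth comparison the abstract describes.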
Bio:
Dr. Chen Zhong received her Ph.D. degree in Information Sciences and Technology from Pennsylvania State University in 2016. She will join Indiana University Kokomo this August as an assistant professor. Chen's research interests are related to cybersecurity, data analytics, interactive design and cognitive modeling. Chen is a recipient of an (ISC)2 scholarship and of first place in Engineering at the 2015 Graduate Exhibition in Research. She received her B.S. degree in Computer Science from Nanjing University, China, in 2011.