Motivation for the Book This book seeks to establish the state of the art in the cyber situational awareness area and to set the course for future research. A multidisciplinary group of leading researchers from cyber security, cognitive science, and decision science areas elab orate on the fundamental challenges facing the research community and identify promising solution paths. Today, when a security incident occurs, the top three questions security admin istrators would ask are in essence: What has happened? Why did it happen? What should I do? Answers to the ?rst two questions form the core of Cyber Situational Awareness. Whether the last question can be satisfactorily answered is greatly de pendent upon the cyber situational awareness capability of an enterprise. A variety of computer and network security research topics (especially some sys tems security topics) belong to or touch the scope of Cyber Situational Awareness. However, the Cyber Situational Awareness capability of an enterprise is still very limited for several reasons: ¿ Inaccurate and incomplete vulnerability analysis, intrusion detection, and foren sics. ¿ Lack of capability to monitor certain microscopic system/attack behavior. ¿ Limited capability to transform/fuse/distill information into cyber intelligence. ¿ Limited capability to handle uncertainty. ¿ Existing system designs are not very ¿friendly¿ to Cyber Situational Awareness.

Chapter 1: Introduction to Cyber Situational Awareness Lead authors: Sushil Jajodia, Peng Liu, Vipin Swarup, Cliff Wang Chapter 2: Information Fusion for Cyber Situational Awareness Lead author: George Tadda, AFRL --------------------------------------------------------------------- Section: Macroscopic Cyber Situational Awareness -------------------------------------------------------------------- Chapter 3: Cyber Situational Awareness through Network Telescopes Lead authors: Vern Paxson (Berkeley), P. Barford (Wisconsin) Chapter 4: Using Honeynets to Gain Internet Situational Awareness Lead author: Mark Dacier, EURECOM Chapter 5: Internet-Scale Cyber Threat Analysis Lead author: Phillip Porras, SRI International -------------------------------------------------------------------- Section: Enterprise Cyber Situational Awareness -------------------------------------------------------------------- Chapter 6: Topological Vulnerability Analysis Lead author: Sushil Jajodia Chapter 7: Intrusion Detection and Alert Correlation Lead author: Peng Ning Chapter 8: Damage assessment and intrusion response Lead author: Peng Liu ------------------------------------------------------------------------- Section: Microscopic Cyber Situational Awareness -------------------------------------------------------------------------- Chapter 9: Microscopic Cyber Situational Awareness: Needs, Challenges and Solutions Lead author: Dawn Song, Berkeley {Backup author: Peng Liu} Chapter 10: Intrusion Back-tracking and Forensics Lead author: Peter Chen, Michigan Chapter 11: System Call Level Cyber Situational Awareness Lead authors: Jha & Griffin ----------------------------------------- Section: The Data Dimension ------------------------------------------ Chapter 12: A Data Stream Analysis Approach to Cyber Situational Awareness Lead author: Sharad Mehrotra, UC Irvine ----------------------------------------------------------------------- Section: Decision Making & Leaning Aspects ------------------------------------------------------------------------ Chapter 13: RPD-inspired Hypothesis Reasoning for Cyber Situation Awareness Lead authors: John Yen, Penn State University Chapter 14: Automated Human Analyst Situation Awareness Cognition Lead author: unknown {candidate author: Mike McNeese, Penn State University) Chapter 15: Uncertainty and Risk Management in Cyber Situation Awareness Lead author: unknown