{"title":"Design considerations for a case-based reasoning engine for scenario-based cyber incident notification","authors":"Stephen M. Woskov, M. Grimaila, R. Mills, M. Haas","doi":"10.1109/CICYBS.2011.5949397","DOIUrl":null,"url":null,"abstract":"Virtually all modern organizations have embedded information systems into their core business processes as a means to increase operational efficiency, improve decision making quality, and minimize costs. Unfortunately, this dependence can place an organization's mission at risk if the confidentiality, integrity, or availability of a critical information resource has been lost or degraded. Within the military, this type of incident could ultimately result in serious consequences including physical destruction and loss of life. To reduce the likelihood of this outcome, personnel must be informed about cyber incidents, and their potential consequences, in a timely and relevant manner so that appropriate contingency actions can be taken. In this paper, we identify criteria for improving the relevance of incident notification, propose the use of case-based reasoning (CBR) for contingency decision support, and identify key design considerations for implementing a CBR system used to deliver relevant notification following a cyber incident.","PeriodicalId":436263,"journal":{"name":"2011 IEEE Symposium on Computational Intelligence in Cyber Security (CICS)","volume":"15 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2011-04-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"4","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2011 IEEE Symposium on Computational Intelligence in Cyber Security (CICS)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CICYBS.2011.5949397","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citation count: 4
Abstract
Virtually all modern organizations have embedded information systems into their core business processes as a means to increase operational efficiency, improve decision making quality, and minimize costs. Unfortunately, this dependence can place an organization's mission at risk if the confidentiality, integrity, or availability of a critical information resource has been lost or degraded. Within the military, this type of incident could ultimately result in serious consequences including physical destruction and loss of life. To reduce the likelihood of this outcome, personnel must be informed about cyber incidents, and their potential consequences, in a timely and relevant manner so that appropriate contingency actions can be taken. In this paper, we identify criteria for improving the relevance of incident notification, propose the use of case-based reasoning (CBR) for contingency decision support, and identify key design considerations for implementing a CBR system used to deliver relevant notification following a cyber incident.