SKRM: Where security techniques talk to each other

Abstract

Achieving complete and accurate cyber situation awareness (SA) is crucial for security analysts to make right decisions. To facilitate cyber SA, existing security tools, algorithms, and techniques like attack graph, should be integrated together to extract the most critical information and synthesize knowledge from different areas. Based on existing theories of situation awareness, a cyber SA model and an SKRM (Situation Knowledge Reference Model) model are constructed to enhance the coupling of current techniques to situation awareness to enable security analysts' effective analysis of complex cyber-security problems.