
Proceedings Paper

Human-machine analytics for closed-loop sense-making in time-dominant cyber defense problems
Author(s): Matthew H. Henry

Paper Abstract

Many defense problems are time-dominant: attacks progress at speeds that outpace human-centric systems designed for monitoring and response. Despite this shortcoming, these well-honed and ostensibly reliable systems pervade most domains, including cyberspace. The argument that often prevails when considering the automation of defense is that while technological systems are suitable for simple, well-defined tasks, only humans possess sufficiently nuanced understanding of problems to act appropriately under complicated circumstances. While this perspective is founded in verifiable truths, it does not account for a middle ground in which human-managed technological capabilities extend well into the territory of complex reasoning, thereby automating more nuanced sense-making and dramatically increasing the speed at which it can be applied. Snort [1] and platforms like it enable humans to build, refine, and deploy sense-making tools for network defense. Shortcomings of these platforms include a reliance on rule-based logic, which confounds analyst knowledge of how bad actors behave with the means by which bad behaviors can be detected, and a lack of feedback-informed automation of sensor deployment. We propose an approach in which human-specified computational models hypothesize bad behaviors independent of indicators and then allocate sensors to estimate and forecast the state of an intrusion. State estimates and forecasts inform the proactive deployment of additional sensors and detection logic, thereby closing the sense-making loop. All the while, humans are on the loop, rather than in it, permitting nuanced management of fast-acting automated measurement, detection, and inference engines. This paper motivates and conceptualizes analytics to facilitate this human-machine partnership.

Paper Details

Date Published: 3 May 2017
PDF: 16 pages
Proc. SPIE 10207, Next-Generation Analyst V, 102070B (3 May 2017); doi: 10.1117/12.2268003
Matthew H. Henry, Johns Hopkins Univ. Applied Physics Lab. (United States)

Published in SPIE Proceedings Vol. 10207:
Next-Generation Analyst V
Timothy P. Hanratty; James Llinas, Editor(s)

© SPIE.