FuSIA: Future situation and impact awareness

Recent cyber security research has focused on providing a situation awareness of computer networks by identifying incoming attacks. FuSIA: Future Situation and Impact Awareness seeks to extend this situation awareness via estimating plausible futures of ongoing attacks. Plausible futures, derived based on current progress of attacks, are projected situations that computer security analysts may use to determine appropriate actions for proactive defense. This work discusses the generalized framework of FuSIA as well as its application in cyber intrusion projection. FuSIA adopts application specific contextual information as well as provides flexibility by accommodating multiple projection algorithms. In particular, this paper presents threat projection algorithms via analyzing capability and opportunity of ongoing attacks. Plausibility scores derived from these algorithms are then combined based on Dempster-Shafer theory to provide a final fused estimate of plausible futures.