A Survey on Threat Situation Awareness Systems: Framework, Techniques, and Insights
Hooman Alavizadeh, Julian Jang-Jaccard, Simon Yusuf Enoch, Harith Al-Sahaf, Ian Welch, Seyit A. Camtepe, Dong Seong Kim

TL;DR
This survey reviews the current state of cyber threat situation awareness systems, discussing their frameworks, techniques, and insights to enhance detection and response to sophisticated cyber threats, including AI-powered attacks.
Contribution
It provides a comprehensive overview of existing cyber SA systems, analyzing their design principles, frameworks, techniques, and evaluation methods, and highlights future research directions.
Findings
Identifies key design principles and frameworks for cyber SA systems.
Analyzes data collection and analysis techniques used in cyber SA.
Discusses limitations and misconceptions in current cyber SA research.
Abstract
Cyberspace is full of uncertainty in terms of advanced and sophisticated cyber threats that are equipped with novel approaches to learn the system and propagate themselves, such as AI-powered threats. To debilitate these types of threats, a modern and intelligent Cyber Situation Awareness (SA) system needs to be developed that is able to monitor and capture various types of threats, analyze them, and devise a plan to avoid further attacks. This paper provides a comprehensive study of the current state of the art in cyber SA, discussing the following aspects of SA: key design principles, frameworks, classifications, data collection and analysis techniques, and evaluation methods. Lastly, we highlight misconceptions, insights, and limitations of this study and suggest some future work directions to address the limitations.
Taxonomy
Topics: Network Security and Intrusion Detection · Advanced Malware Detection Techniques · Information and Cyber Security
