It’s not uncommon for large-scale enterprises to manage hundreds of thousands of computers, networks with thousands of devices, and petabytes of data. What makes problems at this scale particularly difficult is that often there must be a human in the loop. Security is no exception. Security analysts suffer in automating problem solving duties because it’s inherently difficult to capture the tacit knowledge and procedures that they use to arrive at a decision; in addition, integrating with all of the myriad tools and sources of information an analyst uses to make a decision and react is cost prohibitive.
Humans introduce significant delays in the time to mitigate a threat. Yet, security analysts are typically flooded with far more alerts than they can possibly handle. How these alerts should be prioritized is poorly understood. Humans make mistakes, so organizations typically establish processes and best practices for their labor force to ensure that problems are dealt with systematically and predictably. Although this doesn’t guarantee that errors won’t happen, these techniques can help manage these errors to a tolerable level. But policies and best practices are designed to address well-understood threats and often don’t adequately address emerging threats, especially in a highly dynamic and changing environments.
Situation Awareness is usually defined in terms of what information is important for a particular job or goal.
Most of the problems with Situation Awareness occur at the level “Perception” and “Comprehension” because of missing information, information overload, information perceived in a wrong way (e.g., noise) or also information not pertinent with respect to the specific goal. Thus, the current situation must be identified, in general, in uncertainty conditions and within complex and critical environments. In this case, it is needed an effective hybridization of the human component with the technological (automatic) component to succeed in tasks related to Situation Awareness.
Situation Awareness oriented systems have to organize information around goals and provide a proper level of abstraction of meaningful information. To answer these issues, we propose a Cognitive Architecture, for defining Situation Awareness oriented systems, that is defined by starting from the well-known Endsley’s Model and integrating a set of Computational Intelligence techniques (e.g., Fuzzy Cognitive Maps and Formal Concept Analysis) to support the three main processes of the model (perception, comprehension and projection). One of these techniques is Granular Computing that makes information observable at different levels of granularity and approximation to allow humans to focus on specific details, overall picture or on any other level with respect to their specific goals, constraints, roles, characteristics and so on.
Furthermore, the proposed Cognitive Architecture considers some enabling technologies like multi-agents systems and semantic modeling to provide a solution to face the complexity and heterogeneity of the monitored environment and the capability to represent, in a machine-understandable way, procedural, factual and other kind of knowledge and all the memory facilities that could be required.
Practical experiences deriving from the realization of complex systems in the domain of Smart and Safe Cities will be presented during the talk.