Dr. Noam Ben-Asher is a researcher at the Computational and Information Sciences Directorate at the US Army Research Laboratory. Before this position, Noam was a postdoctoral fellow at the Dynamic Decision Making Laboratory at Carnegie Mellon University. His primary interests lie at the intersection of cognitive science, decision science and human factors engineering, with a particular interest in cyber security. In this field, he combines behavioral studies with computational cognitive modeling to study cyber defenders' and attackers' situation awareness and dynamic decision-making processes in cyber warfare.
Modern-day detection of cyber threats is a highly manual process in which teams of human analysts flag suspicious events while using assistive tools such as Bro and Snort. It is the analysts' ability to discern suspicious activity and their authority to make decisions on threats that place humans in central roles in the threat detection process. However, over-reliance on human ability can lead to a high volume of undetected threats. As the tempo, diversity and complexity of cyberspace threats continue to increase, this shortcoming can only worsen. Therefore, there is a need for a new detection paradigm that is largely automated but in which analysts maintain situational awareness and control of the process. We propose a synergistic detection process that captures the benefits of human cognition and machine computation while mitigating their weaknesses. The analyst provides context and domain knowledge, and the machines provide the ability to handle vast data at speed.