CR NI Oct 29, 2021

A Survey on Threat Situation Awareness Systems: Framework, Techniques, and Insights

arXiv:2110.15747v1
Originality: Synthesis-oriented
AI Analysis

It synthesizes existing research for cybersecurity practitioners and researchers, but is incremental as a survey rather than presenting new methods.

This paper provides a comprehensive survey of cyber threat situation awareness systems, analyzing their frameworks, techniques, and evaluation methods to address AI-powered threats in cyberspace.

Cyberspace is full of uncertainty in terms of advanced and sophisticated cyber threats which are equipped with novel approaches to learn the system and propagate themselves, such as AI-powered threats. To debilitate these types of threats, a modern and intelligent Cyber Situation Awareness (SA) system needs to be developed which has the ability to monitor and capture various types of threats, and to analyze them and devise a plan to avoid further attacks. This paper provides a comprehensive study of the current state of the art in cyber SA to discuss the following aspects of SA: key design principles, framework, classifications, data collection, analysis of the techniques, and evaluation methods. Lastly, we highlight misconceptions, insights and limitations of this study and suggest some future work directions to address the limitations.
