High-Level Information Fusion of Cyber-Security Expert Knowledge and Experimental Data

High-Level Information Fusion (HLIF) provides the ability to combine data from diverse sources, including documents involving analyst assessment and raw sensor reports generated by sensors, in a coherent and consistent way. Command and Control (C2) in cyber infrastructure involves gathering information from experts, merging it with field knowledge and experimental results, and selected the most appropriate cyber assets to deploy at any given time in the mission cycle. When framing cyber asset selection as a HLIF problem, one key aspect involves estimation of network-wide impacts generated by cyber assets. Cyberspace is a highly dynamic man-made domain with a high degree of uncertainty and incomplete data which must be transformed into knowledge to support precise and predictable cyber effects estimation. Current systems have to rely on human subject matter experts (SMEs) for most tasks, rendering the cyber asset planning process too time consuming and therefore operationally ineffective. This paper proposes an architecture that leverages probabilistic ontologies to expedite the cyber asset planning process, allowing for the automation of most time-consuming, error-prone, SME-based knowledge elicitation under uncertainty. We illustrate the main aspects of the proposed architecture through examples taken from the Derived and Integrated Cyber Assets (DICE) project.