Adaptation of the JDL Model for Multi-Sensor National Cyber Security Data Fusion

Abstract

The potential attack surface of a nation is large and no single source of cyber security data provides all the required information to accurately describe the cyber security readiness of a nation. There are a variety of specialised data sources available to assess the state of a nation in key areas such as botnets, spam servers and incorrectly configured hosts. By applying data fusion principles, the potential exists to provide a representative view of all combined data sources. This research will examine a variety of currently available Internet data sources and apply it to an adapted Joint Directors of Laboratories (JDL) data fusion model in order to illustrate the potential gains and current limitations. The JDL model has been adapted to suit national level cyber sensor data fusion with the aim to formally define and reduce data ambiguity and enhance fusion capability in a real world system. A case study highlights the results of applying available open source security information against the model to relate to the current South African cyber landscape.