Cyber-attacks are increasing in frequency, impact, and complexity, which demonstrate extensive vulnerabilities of networks with the potential for catastrophic damage. Defending against these cyber-attacks requires network security situation awareness (SA) through distributed collaborative monitoring, detection, and mitigation. In the Phase I project, IFT team has developed a Network Sensor-Based Defense Framework for Active Network Security Situation Awareness and Impact Mitigation. The framework features five elements: distributed network sensors (both passive and active), effective anomaly detectors, cyber-attack scene investigation, game theoretic cyber-attack formalization, and Google Earth based multi-view and multi-layer visualization. The preliminary yet promising results obtained in the Phase I study clearly demonstrate that IFT’s network sensor based defense framework provides innovative and effective SA techniques for active network security and proactive impact mitigation against cyber network attacks. In the Phase II research proposed, we will revise, extend, and optimize the Phase I research results with the focus on enhanced detection techniques, privacy-preserving, insider attack detection, game theoretic intent inference and impact mitigation, trust/assurance of network sensors, system resilience/agility, social-cultural factor modeling, traceback for anonymous attacks, and coordination between passive sensors and active sensors for a holistic cyber assessment testbed to enhance strategic and operational capabilities.