A Study of Gaps in Network Knowledge Synthesis
Abstract
Network Knowledge Synthesis (NKS) refers to effective use of network defense information for cyber assessment and management. The vision of NKS is to achieve better informed situational awareness leading to superior cyber defense. Five major components are necessary to achieve this vision: sensor placement, data collection, data filtering, data analysis and sense making, and information sharing. By reviewing the state of the art for each of these components, we identify high-priority, short-term research objectives for NKS components, which include: collection of small, indicative, and symptomatic network data; connecting identities at multiple layers; ensuring the authenticity of collected data; identifying the ideal semantic layer for each type of data; developing scalable and decentralized filters; developing fast analysis algorithms that can operate in a malicious environment; testing such algorithms in real-world networks; and sharing properly anonymized network "knowledge" rather than raw data. These efforts will constitute the basic blocks of an effective NKS system.
Document Details
- Document Type: Technical Report
- Publication Date: Oct 18, 2015
- Accession Number: AD1034026
Entities
People
- George K. Baah
- Hamed Okhravi
- Richard W. Skowyra
- Shannon C. Roberts
- William W. Streilein
Organizations
- Massachusetts Institute of Technology