Situational Awareness Analysis Tools for Aiding Discovery of Security Events and Patterns

Abstract

The goal of the effort was to develop a comprehensive situational awareness analysis tool for discovering intrusive behavior in information infrastructures and understanding anomalous network traffic. The University of Minnesota team has developed a comprehensive, multi-stage analysis framework that provides tools and analysis methodologies to help cyber security analysts improve the quality and productivity of their analyses. It consists of several components: various Level-I sensors and analysis modules for detecting suspicious or anomalous events and activities, the outputs of which are then fed into a multi-step Level-II analysis system, the core of the analysis framework, which correlates and fuses Level-I sensor data and alerts, extracts likely attack contexts, and produces sequences of attack events to build a plausible attack scenario.


Document Details

Document Type
Technical Report
Publication Date
Sep 01, 2005
Accession Number
ADA439552

Entities

People

  • Changho Choi
  • Eric Eilertson
  • Gyorgy Simon
  • Haiyang Liu
  • Jaideep Srivastava
  • Mark Shaneck
  • Varun Chandola
  • Vipin Kumar
  • Yongdae Kim
  • Zhi-Li Zhang

Organizations

  • University of Minnesota

Tags

Communities of Interest

  • C4I
  • Cyber
  • Energy and Power Technologies
  • Engineered Resilient Systems

DTIC Thesaurus Topics

  • Anomaly Detection
  • Change Detection
  • Command And Control
  • Computational Science
  • Computer Communications
  • Computer Network Security
  • Computer Networks
  • Cyberattacks
  • Cybersecurity
  • Data Mining
  • Detectors
  • Electronic Mail
  • Information Science
  • Intrusion Detection
  • Intrusion Detectors
  • Machine Learning
  • Network Science

Fields of Study

  • Computer science

Readers

  • Cybersecurity
  • Distributed Systems and Data Platform Development
  • Sensor Fusion and Tracking Systems

Technology Areas

  • Cyber