Cyber Signal/Noise Characteristics and Sensor Models for Early Cyber Indications and Warning

Abstract

We designed a method to develop a suite of specialized cyber sensors that are optimized to detect cyber attack observables. We develop our sensors using scientific knowledge of the characteristics of cyber signal (attack data) and noise (normal "norm" data). In our approach, we built models for attack and norm characteristics. To detect characteristics, we used our norm model to filter out noise from mixed data and our attack model to detect a cyber signal. Our solution aims to reduce false alarm rates, increase detection rates, and provide earlier detection with knowledge gained from our scientific investigation of attacks. The development phases of the attack-norm separation approach include classifying and profiling cyber attacks, analytical discovery of signal and noise characteristics, designing and testing sensor models, sensor fusion models, and finally an optimized suite of cyber sensors. We have created a number of sensors based on a subset of cyber attacks and tested them to show performance of attack detection and recognition.

Document Details

Document Type
Technical Report
Publication Date
Sep 01, 2005
Accession Number
ADA439692

Entities

People

  • Nong Ye

Organizations

  • Arizona State University

Tags

Communities of Interest

  • Cyber
  • Engineered Resilient Systems
  • Sensors

DTIC Thesaurus Topics

  • Bayesian Networks
  • Computational Science
  • Computer Programming
  • Computers
  • Data Mining
  • Databases
  • Denial Of Service Attack
  • Detection
  • Detectors
  • Electronic Mail
  • Information Processing
  • Information Science
  • Network Protocols
  • Operating Systems
  • Routing Protocols
  • Surveys
  • Warning Systems

Fields of Study

  • Computer science

Readers

  • Computational Modeling and Simulation
  • Cybersecurity
  • Sensor Fusion and Tracking Systems

Technology Areas

  • Cyber