Ultrascalable Techniques Applied to the Global Intelligence Community Information Awareness Common Operating Picture (IA COP)

Abstract

The focus of this research is to develop detection, correlation, and representation approaches to address the needs of the Intelligence Community Information Awareness Common Operating Picture (IA COP). The approaches build on existing enterprise information security tools where appropriate, and depart from these traditional methods where required. In particular, the requirement to scale to large networks and data repositories is the primary driver for technical innovation. We explored the following areas:

  • Representation of network observables to enable signature-free detection at various network scales. Mining these observables to detect emerging phenomena, departures from trends, and anomalies visible at multiple sites.
  • A departure from the current incident-centric approach to intrusion alert correlation toward an entity-centric "dossier" methodology.
  • Incorporation of techniques from nonlinear dynamical systems to identify, for example, loci of unusual activity.

Document Details

Document Type
Technical Report
Publication Date
Nov 01, 2005
Accession Number
ADA442045

Entities

People

  • Alfonso Valdes
  • Jim Kadte

Organizations

  • SRI International

Tags

Communities of Interest

  • Energy and Power Technologies
  • Materials and Manufacturing Processes

DTIC Thesaurus Topics

  • Air Force Research Laboratories
  • Change Detection
  • Computational Science
  • Computer Network Security
  • Computer Networks
  • Computers
  • Cybersecurity
  • Detection
  • Detectors
  • Information Security
  • Intelligence Community
  • Intrusion
  • Intrusion Detection
  • Intrusion Detection Systems
  • Intrusion Detectors
  • Port Scanners
  • Security

Fields of Study

  • Computer science

Readers

  • Cybersecurity
  • Neural Network Machine Learning
  • Theoretical Analysis