Multistage Analysis of Cyber Threats for Quick Mission Impact Assessment (CyberIA)

Abstract

Network intrusion detection systems (IDS) are powerful network defense tools that monitor network traffic in real time and generate alarms based on known signatures; however, the increasing complexity of cyber threats (e.g., advanced malware), distributed denial-of-service attacks, and session hijacking has produced large alarm sets. Because of the volume of data that must be processed, analysts may miss an alarm, or a mission-critical system may become compromised. This information overload often leaves the cyber posture, the capabilities of affected systems, and ultimately the mission impact of cyber threats unknown. In this technical document, we propose Multistage Analysis of Cyber Threats for Quick Mission Impact Assessment (CyberIA), a multistage approach to log reduction together with a framework to support IDS alarm analysis for network impact assessments. The system is composed of two phases of algorithms. The first phase uses a k-means clustering algorithm, and the second phase uses a supervised machine-learning system to further reduce the clustered log sets. The final result is coupled with a network graph database to determine the impact on networked systems.

Document Details

Document Type
Technical Report
Publication Date
Sep 01, 2015
Accession Number
ADA626130

Entities

People

  • Henry Au

Organizations

  • Naval Information Warfare Systems Command

Tags

Communities of Interest

  • Cyber
  • Energy and Power Technologies

DTIC Thesaurus Topics

  • Big Data
  • Cyber Threats
  • Data Mining
  • Denial Of Service Attack
  • Department Of Defense
  • Detection
  • Graphical User Interface
  • Graphics Processing Unit
  • Information Operations
  • Intrusion Detection
  • Intrusion Detection Systems
  • Intrusion Detectors
  • Machine Learning
  • Network Protocols
  • Supervised Machine Learning
  • Three Dimensional
  • United States Government

Fields of Study

  • Computer science

Readers

  • Computer Vision
  • Cybersecurity
  • Sensor Fusion and Tracking Systems

Technology Areas

  • AI & ML
  • Cyber