Recognizing Unexplained Behavior in Network Events
Abstract
The project aims to gain a fundamental understanding of the extent to which a set of behavior models can jointly explain a sequence of network events. Based on that understanding, the team will create a new capability that integrates artificial intelligence and human intelligence in innovative ways to recognize unexplained behaviors in network events. The project will work under three thrusts:
- Thrust 1: To explore and analyze the theory and framework that can lead to the creation of an automated process of "supervised" data mining of analysts' operation traces, and analysis of data triage (e.g., diagnosis across multiple data sources including IDS alerts, firewall logs, CVEs, and network traffic).
- Thrust 2: To create an efficient extraction and indexing scheme that can capture human analysts' data triage operations so that efficient retrieval of analyst experiences is made possible.
- Thrust 3: To create intelligent software agents that can perform "learned-from-traces" data triage tasks at large scale, index the newest data triage operations of analysts, and retrieve the past analyst experiences that are most relevant to the ongoing network events.
Document Details
- Document Type: DoD Grant Award
- Publication Date: Jan 12, 2017
- Source ID: W911NF1510576
Entities
People
- Peng Liu
Organizations
- Army Contracting Command
- Pennsylvania State University
- United States Army