Automated cyber threat analysis and specified process using vector relational data modeling

Authors
Kelly, Ryan Forrest
Subjects
Executable information configuration
cyber threat analysis
advanced persistent threats (APT)
cyber defense
Vector Relational Data Modeling (VRDM)
semi-sentient
decision making
computer network defense
cyber protection
configured solution
Advisors
Gallup, Shelley
Anderson, Thomas S.
Date of Issue
2014-09
Date
Sep-14
Publisher
Monterey, California: Naval Postgraduate School
Language
en_US
Abstract
Computer network defense systems should be sufficiently integrated to pull data from any information source, model an expert cyber analyst’s decision process, continuously adapt to an evolving cyber threat environment, and amalgamate with industry standard network hardware. Unfortunately, cyber defense systems are generally stovepipe solutions that do not natively integrate disparate network systems. Correlation engines are generally limited in capability and extensibility, and do not evolve with a dynamic cyber threatscape. Current network defense systems mitigate known vulnerabilities, but effective methods of traffic analysis capable of detecting unknown exploits and identifying advanced persistent threats have yet to be developed. Expert analysts can isolate threats by manually aggregating data sources and distinguishing patterns that indicate a compromise, but there are insufficient skilled analysts available to combat the problem. This work demonstrates a process control configuration that can emulate the investigative process of a human cyber security expert in a pseudo-cognitive apparatus capable of accessing several network-available data sources, determining a network threat, and terminating a connection in minutes. The investigative process to detect a PHPMyAdmin attack and issue a response was entirely configured in a vector relational data modeling environment. The configuration could detect and respond to multi-part threat specifications.
Type
Thesis
Organization
Naval Postgraduate School
Distribution Statement
Approved for public release; distribution is unlimited.
Rights
This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.