Automated cyber threat analysis and specified process using vector relational data modeling
Kelly, Ryan Forrest
Anderson, Thomas S.
Computer network defense systems should be sufficiently integrated to pull data from any information source, model an expert cyber analyst's decision process, continuously adapt to an evolving cyber threat environment, and interoperate with industry-standard network hardware. Unfortunately, cyber defense systems are generally stovepipe solutions that do not natively integrate disparate network systems. Correlation engines are generally limited in capability and extensibility, and they do not evolve with a dynamic cyber threat landscape. Current network defense systems mitigate known vulnerabilities, but effective methods of traffic analysis capable of detecting unknown exploits and identifying advanced persistent threats have yet to be developed. Expert analysts can isolate threats by manually aggregating data sources and distinguishing patterns that indicate a compromise, but there are insufficient skilled analysts available to combat the problem. This work demonstrates a process control configuration that encodes the investigative process of a human cyber security expert in a pseudo-cognitive apparatus capable of accessing several network-available data sources, determining that a network threat exists, and terminating the offending connection, all within minutes. The investigative process used to detect a phpMyAdmin attack and issue a response was configured entirely in a vector relational data modeling environment. The resulting configuration could detect and respond to multi-part threat specifications.
Approved for public release; distribution is unlimited