Automated cyber threat analysis and specified process using vector relational data modeling
Kelly, Ryan Forrest
Anderson, Thomas S.
MetadataShow full item record
Computer network defense systems should be sufficiently integrated to pull data from any information source, model an expert cyber analyst’s decision process, continuously adapt to an evolving cyber threat environment, and amalgamate with industry standard network hardware. Unfortunately, cyber defense systems are generally stovepipe solutions that do not natively integrate disparate network systems. Correlation engines are generally limited in capability, extensibility, and do not evolve with a dynamic cyber threatscape. Current network defense systems mitigate known vulnerabilities, but effective methods of traffic analysis capable of detecting unknown exploits and identifying advanced persistent threats have yet to be developed. Expert analysts can isolate threats by manually aggregating data sources and distinguishing patterns that indicate a compromise, but there are insufficient skilled analysts available to combat the problem. This work demonstrates a process control configuration that can emulate the investigative process of a human cyber security expert into a pseudo cognitive apparatus capable of accessing several network available data sources, determining a network threat, and terminating a connection, in minutes. The investigative process to detect a PHPMyAdmin attack and issue a response was entirely configured in a vector relational data modeling environment. The configuration could detect and respond to multi-part threat specifications.
Approved for public release; distribution is unlimited
Showing items related by title, author, creator and subject.
Naval Postgraduate School Center for Homeland Defense and Security (CHDS) (Monterey, California. Naval Postgraduate SchoolCenter for Homeland Defense and Security, 2006-07);July 2006. The July 2006 issue of Homeland Security Affairs offers articles about risk perception, domestic right wing extremist groups, social network analysis, and the impact of foreign policy on homeland security. It ...
Ong, Chee Wei. (Monterey, California. Naval Postgraduate School, 2008-12);Seaweb is an underwater acoustic wide-area network connecting autonomous, distributed nodes. Prior iterations of Seaweb relied on operator intervention to initialize and manually configure the network routes. This thesis ...
Rambo, Matthew B. (Monterey, California: Naval Postgraduate School, 2016-09);This thesis proposes a system of systems (SoS) engineering and integration (SoSE&I) process and provides a use case for a network transport analysis that is tailored to an information technology (IT) network. The purpose ...