Accession Number:

AD1079170

Title:

Information and Software Assurance: A Coordinated Approach to Cyber-Situation Awareness Based on Traffic Anomaly Detection

Descriptive Note:

Technical Report, 03 Jun 2011, 22 Mar 2019

Corporate Author:

Boston University, Boston, United States

Report Date:

2019-04-16

Pagination or Media Count:

57.0

Abstract:

We are developing a suite of approaches for detecting anomalies in communication network traffic. While the methods are general and apply to many situations, we have primarily focused on methods to detect data exfiltration of unauthorized material from servers, repositories, and databases by malicious third parties. Our objective is to detect such attacks in their preparatory or early stage simply by observing the traffic that flows in and out of these repositories.

Subject Categories:

  • Computer Systems Management and Standards

Distribution Statement:

APPROVED FOR PUBLIC RELEASE