Accession Number:

ADA604794

Title:

Data Mining in Cyber Operations

Descriptive Note:

Interim rept. Mar2012-Mar 2014

Corporate Author:

AIR FORCE RESEARCH LAB ROME NY INFORMATION DIRECTORATE

Personal Author(s):

• Blowers, Misty
• Fernandez, Stean
• Froberg, Brandon
• Williams, Jonathan
• Corbin, George
• Nelson, Kevin

Report Date:

2014-07-01

Pagination or Media Count:

16.0

Abstract:

The dynamic nature of the cyberspace environment presents opportunities for both attackers and defenders to conduct complex cyber operations in serial or parallel across multiple networks and systems. Defensive operators must be vigilant to identify new attack vectors, real-time attacks as they happen, and signs of attacks that have gotten through the security perimeter. This means that defenders must continuously sift through vast amounts of sensor data that could be made more efficient with advances in data mining techniques to accurately map the attack surface, collect and integrate data, synchronize time, select features, develop models, extract knowledge and produce useful visualization. Effective techniques would enable models that describe dynamic behavior of complicated attacks and failures and allow defenders to detect and differentiate simultaneous sophisticated attacks on a target network.

Descriptors:

• *CYBERWARFARE
• *DATA MINING
• ALGORITHMS
• DATA PROCESSING
• DYNAMIC RESPONSE
• INFORMATION RETRIEVAL
• INTRUSION DETECTION(COMPUTERS)
• MODELS
• NETWORKS
• PATTERNS
• SITUATIONAL AWARENESS

Subject Categories:

• Information Science
• Computer Systems Management and Standards
• Cybernetics
• Unconventional Warfare

Distribution Statement:

APPROVED FOR PUBLIC RELEASE