Multistage Analysis of Cyber Threats for Quick Mission Impact Assessment (CyberIA)
SPACE AND NAVAL WARFARE SYSTEMS CENTER PACIFIC SAN DIEGO CA
Network intrusion detection systems (IDS) are powerful network defense tools that monitor network traffic in real time and generate alarms based on known signatures. However, the increasing complexity of cyber threats (e.g., advanced malware, distributed denial-of-service attacks, and session hijacking) has produced large alarm sets. Analysts may miss an alarm, or a mission-critical system may become compromised, because of the amount of data that must be processed. This information overload often leaves the cyber posture, system capabilities, and ultimately the mission impact of cyber threats unknown. In this technical document, we propose Multistage Analysis of Cyber Threats for Quick Mission Impact Assessment (CyberIA), a multistage approach to log reduction together with a framework to support IDS alarm analysis for network impact assessments. The system is composed of two phases of algorithms. The first phase uses a k-means clustering algorithm, and the second phase uses a supervised machine-learning system to minimize the clustered log sets. The final result is coupled with a network graph database to determine the impact on networked systems.
- Computer Systems Management and Standards
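The pipeline the abstract describes (k-means reduction of IDS alarms, a supervised pass over the clusters, then a dependency graph to map surviving alarms to missions), as an added toy example that is not CyberIA's code. The alarms, the labelled cluster profiles, the 1-NN classifier standing in for the supervised phase, and the host-to-mission graph are all constructed here; the graph is an in-memory dictionary rather than a graph database.

```python
import math
# Constructed IDS alarms, not data from the report: (src, dst, signature, severity, hits)
ALARMS = [
    ("10.0.0.5", "10.0.1.10", "SQL injection attempt", 3, 40),
    ("10.0.0.5", "10.0.1.10", "SQL injection attempt", 3, 35),
    ("10.0.0.7", "10.0.1.10", "Port scan", 1, 200),
    ("10.0.0.8", "10.0.1.11", "Port scan", 1, 180),
    ("10.0.2.3", "10.0.1.20", "Session hijack", 3, 42),
    ("10.0.2.4", "10.0.1.20", "SYN flood", 2, 90),
    ("10.0.2.5", "10.0.1.20", "SYN flood", 2, 95),
]
# Constructed labelled cluster profiles (severity, log10 hits) standing in for the supervised phase
TRAINING = [((3.0, 1.6), "actionable"), ((2.0, 2.0), "actionable"), ((1.0, 2.3), "noise")]
# Constructed dependency graph: node -> services/missions that depend on it (hypothetical names)
DEPENDS_ON = {"10.0.1.10": ["svc:db"], "10.0.1.20": ["svc:auth"],
              "svc:db": ["mission:logistics"], "svc:auth": ["mission:logistics", "mission:c2"]}

def dist2(p, q):
    return sum((x - y) ** 2 for x, y in zip(p, q))
def kmeans(points, k, rounds=10):
    # Phase 1: Lloyd's algorithm with deterministic farthest-first seeding (no random init).
    centroids = [points[0]]
    while len(centroids) < k:
        centroids.append(max(points, key=lambda p: min(dist2(p, c) for c in centroids)))
    for _ in range(rounds):
        assign = [min(range(k), key=lambda i: dist2(p, centroids[i])) for p in points]
        for i in range(k):
            members = [p for p, c in zip(points, assign) if c == i]
            if members:
                centroids[i] = tuple(sum(col) / len(members) for col in zip(*members))
    return centroids, assign
def classify(centroid):
    # Phase 2: nearest labelled profile (1-NN) decides whether a whole cluster merits review.
    return min(TRAINING, key=lambda t: dist2(centroid, t[0]))[1]
def impacted_missions(hosts):
    # Phase 3: walk the dependency graph from affected hosts to the missions relying on them.
    seen, stack = set(), list(hosts)
    while stack:
        for dep in DEPENDS_ON.get(stack.pop(), []):
            if dep not in seen:
                seen.add(dep)
                stack.append(dep)
    return sorted(m for m in seen if m.startswith("mission:"))

def assess(alarms, k=3):
    # Feature per alarm: severity and log-scaled hit count; keep only clusters labelled actionable.
    centroids, assign = kmeans([(float(a[3]), math.log10(a[4])) for a in alarms], k)
    keep = {i for i, c in enumerate(centroids) if classify(c) == "actionable"}
    reduced = [a for a, c in zip(alarms, assign) if c in keep]
    return reduced, impacted_missions({a[1] for a in reduced})
```

On the constructed alarms the scan cluster is dropped as noise, five alarms survive, and their two target hosts resolve through the graph to both missions.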