Network Intrusion Detection and Visualization using Aggregations in a Cyber Security Data Warehouse
- ORNL
The challenge of achieving situational understanding is a limiting factor in effective, timely, and adaptive cyber-security analysis. Anomaly detection fills a critical role in network assessment and trend analysis, both of which underlie the establishment of comprehensive situational understanding. To that end, we propose a cyber security data warehouse implemented as a hierarchical graph of aggregations that captures anomalies at multiple scales. Each node of our proposed graph is a summarization table of cyber event aggregations, and the edges are aggregation operators. The cyber security data warehouse enables domain experts to quickly traverse a multi-scale aggregation space systematically. We describe the architecture of a test bed system and a summary of results on the IEEE VAST 2012 Cyber Forensics data.
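The abstract describes the warehouse as a graph whose nodes are summarization tables and whose edges are aggregation operators. The following is an added illustration of that structure, not code from the paper or from ORNL: it builds a small hierarchy over constructed per-minute connection counts (host/minute rolled up to subnet and to two-minute windows), then runs one simple detector (count exceeding three times the entity's own median) unchanged at every node. The level names, the `WINDOW` size, the ratio-to-median detector and the sample counts are all assumptions made for this example; the paper's actual aggregation operators and anomaly scoring are not specified in the abstract.

```python
from collections import defaultdict
from statistics import median

# Constructed sample, not data from the paper or the VAST 2012 set:
# (source_host, minute, connection_count) for eight one-minute bins.
# Host 10.1.1.5 spikes in the last minute.
SAMPLE_EVENTS = (
    [("10.1.1.5", m, c) for m, c in enumerate([4, 5, 4, 5, 4, 5, 4, 60])]
    + [("10.1.1.7", m, c) for m, c in enumerate([3, 4, 3, 4, 3, 4, 3, 4])]
    + [("10.1.2.9", m, c) for m, c in enumerate([6, 5, 6, 5, 6, 5, 6, 5])]
)

WINDOW = 2  # hypothetical coarser time scale: two minutes per window


def host_to_subnet(host):
    """Entity rollup: host -> /24 subnet."""
    return ".".join(host.split(".")[:3]) + ".0/24"


def minute_to_window(minute):
    """Time rollup: minute -> window index."""
    return minute // WINDOW


def base_table(events):
    """Leaf node: the finest-grain summarization table, keyed by (host, minute)."""
    table = defaultdict(int)
    for host, minute, count in events:
        table[(host, minute)] += count
    return dict(table)


def aggregate(table, key_fn):
    """Edge of the hierarchy: an aggregation operator that sums a table into a coarser one."""
    out = defaultdict(int)
    for (entity, t), count in table.items():
        out[key_fn(entity, t)] += count
    return dict(out)


def build_hierarchy(events):
    """Nodes are summarization tables; each coarser one is reached by an aggregation edge."""
    host_min = base_table(events)
    return {
        "host/minute": host_min,
        "subnet/minute": aggregate(host_min, lambda e, t: (host_to_subnet(e), t)),
        "host/window": aggregate(host_min, lambda e, t: (e, minute_to_window(t))),
        # Two paths reach subnet/window (via subnet/minute or via host/window);
        # summation commutes, so aggregating straight from the leaf gives the same table.
        "subnet/window": aggregate(
            host_min, lambda e, t: (host_to_subnet(e), minute_to_window(t))
        ),
    }


def anomalies(table, factor=3.0):
    """Flag cells whose count exceeds `factor` times the median of that entity's own series.
    Running the same detector at every node is what makes the traversal systematic."""
    series = defaultdict(list)
    for (entity, t), count in table.items():
        series[entity].append((t, count))
    flagged = []
    for entity, points in series.items():
        baseline = median(c for _, c in points)
        if baseline <= 0:
            continue
        for t, count in points:
            if count > factor * baseline:
                flagged.append((entity, t, round(count / baseline, 2)))
    return sorted(flagged)


def scan(events):
    """Traverse every node of the hierarchy and report anomalies per scale."""
    return {name: anomalies(table) for name, table in build_hierarchy(events).items()}


if __name__ == "__main__":
    for scale, hits in scan(SAMPLE_EVENTS).items():
        print(scale, hits)
```

With the constructed data the spike is visible at all four scales, but the ratio to baseline shrinks as the aggregation gets coarser (roughly 13x at host/minute, 4x at subnet/window), which is the practical reason an analyst wants to move between nodes rather than inspect one fixed summary.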
- Research Organization: Oak Ridge National Laboratory (ORNL)
- Sponsoring Organization: ORNL LDRD Director's R&D
- DOE Contract Number: AC05-00OR22725
- OSTI ID: 1090473
- Journal Information: International Journal of Communications, Network and System Sciences, Vol. 5, Issue 9a; ISSN 1913-3715
- Country of Publication: United States
- Language: English