OSTI.GOV: U.S. Department of Energy, Office of Scientific and Technical Information

Title: Predicting and Detecting Emerging Cyberattack Patterns Using StreamWorks

Conference

The number and sophistication of cyberattacks on industries and governments have dramatically grown in recent years. To counter this movement, new advanced tools and techniques are needed to detect cyberattacks in their early stages such that defensive actions may be taken to avert or mitigate potential damage. From a cybersecurity analysis perspective, detecting cyberattacks may be cast as a problem of identifying patterns in computer network traffic. Logically and intuitively, these patterns may take on the form of a directed graph that conveys how an attack or intrusion propagates through the computers of a network. Such cyberattack graphs could provide cybersecurity analysts with powerful conceptual representations that are natural to express and analyze. We have been researching and developing graph-centric approaches and algorithms for dynamic cyberattack detection. The advanced dynamic graph algorithms we are developing will be packaged into a streaming network analysis framework known as StreamWorks. With StreamWorks, a scientist or analyst may detect and identify precursor events and patterns as they emerge in complex networks. This analysis framework is intended to be used in a dynamic environment where network data is streamed in and is appended to a large-scale dynamic graph. Specific graphical query patterns are decomposed and collected into a graph query library. The individual decomposed subpatterns in the library are continuously and efficiently matched against the dynamic graph as it evolves to identify and detect early, partial subgraph patterns. The scalable emerging subgraph pattern algorithms will match on both structural and semantic network properties.

Research Organization:
Pacific Northwest National Lab. (PNNL), Richland, WA (United States)
Sponsoring Organization:
USDOE
DOE Contract Number:
AC05-76RL01830
OSTI ID:
1156990
Report Number(s):
PNNL-SA-92139; 400470000
Resource Relation:
Conference: CISR '14 Proceedings of the 9th Annual Cyber and Information Security Research Conference, 93-96
Country of Publication:
United States
Language:
English

Similar Records

Performance and usability enhancements for continuous subgraph matching queries on graph-structured data
Patent · Tue Oct 20 00:00:00 EDT 2020 · OSTI ID:1156990

Scalable Pattern Matching in Metadata Graphs via Constraint Checking
Journal Article · Mon Jan 04 00:00:00 EST 2021 · ACM Transactions on Parallel Computing · OSTI ID:1156990

Large-Scale Continuous Subgraph Queries on Streams
Conference · Wed Nov 30 00:00:00 EST 2011 · OSTI ID:1156990

Related Subjects