OSTI.GOV, U.S. Department of Energy, Office of Scientific and Technical Information

Title: LINEBACKER: LINE-speed Bio-inspired Analysis and Characterization for Event Recognition

Abstract

The cyber world is a complex domain, with digital systems mediating a wide spectrum of human and machine behaviors. While this is enabling a revolution in the way humans interact with each other and data, it also is exposing previously unreachable infrastructure to a worldwide set of actors. Existing solutions for intrusion detection and prevention that are signature-focused typically seek to detect anomalous and/or malicious activity for the sake of preventing or mitigating negative impacts. But a growing interest in behavior-based detection is driving new forms of analysis that move the emphasis from static indicators (e.g., rule-based alarms or tripwires) to behavioral indicators that accommodate a wider contextual perspective. Similar to cyber systems, biosystems have always existed in resource-constrained hostile environments where behaviors are tuned by context. So we look to biosystems as an inspiration for addressing behavior-based cyber challenges. In this paper, we introduce LINEBACKER, a behavior-model based approach to recognizing anomalous events in network traffic and present the design of this approach of bio-inspired and statistical models working in tandem to produce individualized alerting for a collection of systems. Preliminary results of these models operating on historic data are presented along with a plugin to support real-world cyber operations.
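The abstract contrasts static, rule-based tripwires with behavioral indicators that are tuned to each system, and the record's subject terms list leaky buckets. The Python below is an added illustration of that contrast, not code from the paper and not the models it describes (the page gives no detail of LINEBACKER's biosequence or statistical models): a flat connections-per-minute rule is run beside per-host leaky buckets whose drain rate and alert capacity are fitted to each host's own history. The host names, the ten-minute histories, the flow stream and the mean-plus-three-standard-deviations capacity rule are all constructed for the example and are assumptions, not data from the paper.

```python
"""Added illustration, not code from the LINEBACKER paper: a static
rule-based tripwire beside per-system leaky buckets whose parameters are
fitted to each system's own history.  All hosts, histories and flows below
are constructed sample data."""
from collections import defaultdict
from dataclasses import dataclass
import statistics

# Constructed history: connections per minute seen for each host over ten
# quiet minutes.  "proxy" is habitually busy, "wkst-7" habitually idle.
HISTORY = {
    "proxy":  [18, 20, 22, 19, 21, 20, 18, 22, 21, 19],
    "wkst-7": [1, 2, 1, 0, 2, 1, 1, 2, 0, 1],
}

# Constructed live stream: (timestamp in seconds, source host).
# The proxy makes 15 connections in its first minute (below its norm);
# wkst-7 makes 2 ordinary connections, then a burst of 8 in 7 seconds.
FLOWS = sorted(
    [(t, "proxy") for t in range(0, 60, 4)]
    + [(10, "wkst-7"), (40, "wkst-7")]
    + [(t, "wkst-7") for t in range(100, 108)]
)


def static_tripwire(flows, max_per_minute=10, window=60):
    """Flat rule: alert when any host exceeds max_per_minute connections
    in a tumbling window.  Returns {host: [window_start, ...]}."""
    counts = defaultdict(int)
    for t, host in flows:
        counts[(host, (t // window) * window)] += 1
    fired = defaultdict(list)
    for (host, start), n in sorted(counts.items()):
        if n > max_per_minute:
            fired[host].append(start)
    return dict(fired)


@dataclass
class LeakyBucket:
    """Event counter that drains at leak_rate events per second and
    alerts when the undrained level exceeds capacity."""
    leak_rate: float
    capacity: float
    level: float = 0.0
    last_t: float = 0.0

    def observe(self, t, amount=1.0):
        # Drain for the time elapsed since the last event, then add this one.
        elapsed = max(0.0, t - self.last_t)
        self.level = max(0.0, self.level - elapsed * self.leak_rate)
        self.last_t = t
        self.level += amount
        return self.level > self.capacity


def fit_bucket(per_minute_history, k=3.0, window=60):
    """Individualize the bucket: drain at the host's own mean rate and
    tolerate a surplus of k standard deviations (floor of one event)
    before alerting.  The k-sigma rule is an assumption for this example."""
    mu = statistics.mean(per_minute_history)
    sd = statistics.pstdev(per_minute_history)
    return LeakyBucket(leak_rate=mu / window, capacity=max(1.0, k * sd))


def behavioral_alerts(flows, history, k=3.0):
    """One leaky bucket per host, fitted to that host's history.
    Returns {host: [timestamp of each alerting event, ...]}."""
    buckets = {host: fit_bucket(h, k) for host, h in history.items()}
    fired = defaultdict(list)
    for t, host in flows:
        bucket = buckets.get(host)
        if bucket is None:
            # Host with no baseline: nothing drains, alert on its second event.
            bucket = buckets[host] = LeakyBucket(leak_rate=0.0, capacity=1.0)
        if bucket.observe(t):
            fired[host].append(t)
    return dict(fired)


if __name__ == "__main__":
    print("static  :", static_tripwire(FLOWS))
    print("bucketed:", behavioral_alerts(FLOWS, HISTORY))
```

Run as a script, the flat rule fires on the proxy's ordinary 15 connections in its first minute and stays silent on the workstation's burst of 8 (still under the flat limit), while the fitted buckets do the reverse: the workstation alerts from its second burst connection at t=101 and the proxy never does. The caveat a practitioner should check before trusting such individualized thresholds is the provenance of the history: a host whose baseline was learned while it was already misbehaving inherits a tolerant bucket, so the training window has to be vetted.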

Authors:
Oehmen, Christopher S.; Bruillard, Paul J.; Matzke, Brett D.; Phillips, Aaron R.; Star, Keith T.; Jensen, Jeffrey L.; Nordwall, Douglas J.; Thompson, Seth R.; Peterson, Elena S.
Publication Date:
2016
Research Org.:
Pacific Northwest National Lab. (PNNL), Richland, WA (United States)
Sponsoring Org.:
USDOE
OSTI Identifier:
1334880
Report Number(s):
PNNL-SA-115629
400904120
DOE Contract Number:
AC05-76RL01830
Resource Type:
Conference
Resource Relation:
Conference: IEEE Symposium on Security and Privacy Workshops, May 23-25, 2016, San Jose, California, 88-95
Country of Publication:
United States
Language:
English
Subject:
biosequence model; cybersecurity; leaky buckets

Citation Formats

Oehmen, Christopher S., Bruillard, Paul J., Matzke, Brett D., Phillips, Aaron R., Star, Keith T., Jensen, Jeffrey L., Nordwall, Douglas J., Thompson, Seth R., and Peterson, Elena S. LINEBACKER: LINE-speed Bio-inspired Analysis and Characterization for Event Recognition. United States: N. p., 2016. Web. doi:10.1109/SPW.2016.44.
Oehmen, Christopher S., Bruillard, Paul J., Matzke, Brett D., Phillips, Aaron R., Star, Keith T., Jensen, Jeffrey L., Nordwall, Douglas J., Thompson, Seth R., & Peterson, Elena S. LINEBACKER: LINE-speed Bio-inspired Analysis and Characterization for Event Recognition. United States. doi:10.1109/SPW.2016.44.
Oehmen, Christopher S., Bruillard, Paul J., Matzke, Brett D., Phillips, Aaron R., Star, Keith T., Jensen, Jeffrey L., Nordwall, Douglas J., Thompson, Seth R., and Peterson, Elena S. 2016. "LINEBACKER: LINE-speed Bio-inspired Analysis and Characterization for Event Recognition". United States. doi:10.1109/SPW.2016.44.
@inproceedings{osti_1334880,
title = {LINEBACKER: LINE-speed Bio-inspired Analysis and Characterization for Event Recognition},
author = {Oehmen, Christopher S. and Bruillard, Paul J. and Matzke, Brett D. and Phillips, Aaron R. and Star, Keith T. and Jensen, Jeffrey L. and Nordwall, Douglas J. and Thompson, Seth R. and Peterson, Elena S.},
abstractNote = {The cyber world is a complex domain, with digital systems mediating a wide spectrum of human and machine behaviors. While this is enabling a revolution in the way humans interact with each other and data, it also is exposing previously unreachable infrastructure to a worldwide set of actors. Existing solutions for intrusion detection and prevention that are signature-focused typically seek to detect anomalous and/or malicious activity for the sake of preventing or mitigating negative impacts. But a growing interest in behavior-based detection is driving new forms of analysis that move the emphasis from static indicators (e.g. rule-based alarms or tripwires) to behavioral indicators that accommodate a wider contextual perspective. Similar to cyber systems, biosystems have always existed in resource-constrained hostile environments where behaviors are tuned by context. So we look to biosystems as an inspiration for addressing behavior-based cyber challenges. In this paper, we introduce LINEBACKER, a behavior-model based approach to recognizing anomalous events in network traffic and present the design of this approach of bio-inspired and statistical models working in tandem to produce individualized alerting for a collection of systems. Preliminary results of these models operating on historic data are presented along with a plugin to support real-world cyber operations.},
booktitle = {IEEE Symposium on Security and Privacy Workshops, May 23-25, 2016, San Jose, California},
pages = {88--95},
doi = {10.1109/SPW.2016.44},
place = {United States},
year = 2016,
month = 8
}

