OSTI.GOV, U.S. Department of Energy
Office of Scientific and Technical Information

Title: Final LDRD Report: Using Linkography of Cyber Attack Patterns to Inform Honeytoken Placement

Technical Report · DOI: https://doi.org/10.2172/1455370 · OSTI ID: 1455370
 [1];  [1];  [2]
  1. Sandia National Lab. (SNL-NM), Albuquerque, NM (United States). Cyber Security Technologies Dept.
  2. Sandia National Lab. (SNL-NM), Albuquerque, NM (United States). Embedded Systems Analysis Dept.

The war to establish cyber supremacy continues, and the literature is crowded with strictly technical cyber security measures. We present the results of a three-year LDRD project. Using linkography, a methodology new to the field of cyber security, we establish the foundation necessary to track and profile the microbehavior of humans attacking cyber systems. We also propose ways to leverage this understanding to influence and deceive these attackers. We studied the science of linkography, applied it to the cyber security domain, implemented a software package to manage linkographs, generated the preprocessing blocks necessary to ingest raw data, produced machine learning models, created ontology refinement algorithms, and prototyped a web application for researchers and practitioners to apply linkography. Machine learning produced some of our key results: we trained and validated multinomial classifiers with a real-world data set and predicted the attacker's next category of action with 86 to 98% accuracy; dimension reduction techniques indicated that the linkography-based features were among the most powerful. We also discovered ontology refinement algorithms that advanced the state of the art in linkography in general and cyber security in particular. We conclude that linkography is a viable tool for cyber security; we look forward to expanding our work to other data sources and using our prediction results to enable adversary deception techniques.

Research Organization:
Sandia National Lab. (SNL-NM), Albuquerque, NM (United States)
Sponsoring Organization:
USDOE National Nuclear Security Administration (NNSA); USDOE Laboratory Directed Research and Development (LDRD) Program
DOE Contract Number:
AC04-94AL85000
OSTI ID:
1455370
Report Number(s):
SAND2016-9212; 664365
Country of Publication:
United States
Language:
English
