OSTI.GOV, U.S. Department of Energy
Office of Scientific and Technical Information

Title: Situational Awareness of Network System Roles (SANSR)

Abstract

In a large enterprise, it is difficult for cyber security analysts to know what services and roles every machine on the network is performing (e.g. file server, domain name server, email server). Understanding the roles of the systems in the network provides analysts with situational awareness that allows them to detect consequential changes in the network, initiate an incident response plan, and optimize their security posture. Using network flow data, which most enterprises already collect, we developed a tool that enables analysts to automatically detect and classify the services and roles of every machine operating on a network, for better situational awareness of potential threats to the network. This tool queries Elasticsearch for network flow data, creates a temporal behavior model of each system, and uses unsupervised machine learning to cluster the models with a set of labeled temporal behavior models; the resulting information can be printed to the console or accessed programmatically. The results include the likelihood that a machine has a labeled role and a list of the other machines that are most similar in behavior.

Authors:
Huffer, Kelly M [1]; Reed, Joel W [1]
  1. Oak Ridge National Laboratory
Publication Date:
January 18, 2019
Research Org.:
Oak Ridge National Lab. (ORNL), Oak Ridge, TN (United States)
Sponsoring Org.:
USDOE
OSTI Identifier:
1566849
Report Number(s):
Situational Awareness of Network System Roles; 005883MLTPL00
DOE Contract Number:  
AC05-00OR22725
Resource Type:
Software
Software Revision:
00
Software Package Number:
005883
Software CPU:
MLTPL
Source Code Available:
Yes
Country of Publication:
United States

Citation Formats

Huffer, Kelly M, and Reed, Joel W. Situational Awareness of Network System Roles (SANSR). Computer software. Vers. 00. USDOE. 18 Jan. 2019. Web.
Huffer, Kelly M, & Reed, Joel W. (2019, January 18). Situational Awareness of Network System Roles (SANSR) (Version 00) [Computer software].
Huffer, Kelly M, and Reed, Joel W. Situational Awareness of Network System Roles (SANSR). Computer software. Version 00. January 18, 2019.
@misc{osti_1566849,
title = {Situational Awareness of Network System Roles (SANSR), Version 00},
author = {Huffer, Kelly M and Reed, Joel W},
abstractNote = {In a large enterprise, it is difficult for cyber security analysts to know what services and roles every machine on the network is performing (e.g. file server, domain name server, email server). Understanding the roles of the systems in the network provides analysts with situational awareness that allows them to detect consequential changes in the network, initiate an incident response plan, and optimize their security posture. Using network flow data, which most enterprises already collect, we developed a tool that enables analysts to automatically detect and classify the services and roles of every machine operating on a network, for better situational awareness of potential threats to the network. This tool queries Elasticsearch for network flow data, creates a temporal behavior model of each system, and uses unsupervised machine learning to cluster the models with a set of labeled temporal behavior models; the resulting information can be printed to the console or accessed programmatically. The results include the likelihood that a machine has a labeled role and a list of the other machines that are most similar in behavior.},
doi = {},
year = {2019},
month = {1},
note = {}
}

Software:
To order this software, request consultation services, or receive further information, please fill out the following request.

To receive further information, fill out the request form below. OSTI staff will begin to process an order for scientific and technical software once the signed site license agreement is received.