U.S. Department of Energy
Office of Scientific and Technical Information

Detailed Statistical Models of Host-Based Data for Detection of Malicious Activity

Technical Report ·
DOI: https://doi.org/10.2172/1570095 · OSTI ID: 1570095
 [1];  [2];  [1];  [1];  [1];  [1];  [3];  [2];  [1];  [1];  [1]
  1. Sandia National Laboratories (SNL-NM), Albuquerque, NM (United States)
  2. University of Texas at San Antonio, TX (United States)
  3. Gonzaga University, Spokane, WA (United States)
The cybersecurity research community has focused primarily on the analysis and automation of intrusion detection systems that examine network traffic behaviors. Building on that expertise, advanced cyber defense analysis is turning to host-based data as the input for research and development of the next generation of network defense tools. Deep packet inspection of network traffic is increasingly difficult because most traffic crossing the network boundary now uses HTTPS, and network data alone does not provide a full picture of end-to-end activity. These are some of the reasons that make it necessary to examine other data sources, such as host data. We outline our investigation into the processing, formatting, and storage of host data, along with preliminary results from our exploratory data analysis. Our goal in writing this report is to guide future research by providing a foundational understanding of an area of cybersecurity that is rich with complex, categorical, and sparse data and has a strong human-influence component, and to suggest potential directions for that future research.
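The abstract characterizes host data as categorical and sparse. The following is an added illustration of what that means in practice and is not code or a model from the report itself: process-creation events are reduced to per-host counts of (parent image, child image) pairs, the resulting table is mostly empty cells, and a new event is scored by the smoothed conditional probability of its pair on that host. The event fields, the sample events, and the class and function names are all assumptions made for this example, not the report's schema or method.

```python
"""Added illustration (not code from SAND2019-12011): model host process-creation
events as sparse categorical data and score new events by how rare their
(parent, child) combination is on a given host.

Sample events below are constructed for this example; the field layout
(host, user, parent image, child image) is an assumption, not the report's schema.
"""
from collections import Counter, defaultdict
import math

# Constructed sample of host process-creation events (not real telemetry).
TRAINING_EVENTS = [
    # host, user, parent image, child image
    ("ws01", "alice", "explorer.exe", "outlook.exe"),
    ("ws01", "alice", "explorer.exe", "chrome.exe"),
    ("ws01", "alice", "outlook.exe", "winword.exe"),
    ("ws01", "alice", "explorer.exe", "chrome.exe"),
    ("ws01", "alice", "explorer.exe", "outlook.exe"),
    ("ws01", "alice", "chrome.exe", "chrome.exe"),
    ("ws02", "bob", "explorer.exe", "excel.exe"),
    ("ws02", "bob", "explorer.exe", "cmd.exe"),
    ("ws02", "bob", "cmd.exe", "ipconfig.exe"),
    ("ws02", "bob", "explorer.exe", "excel.exe"),
]


class HostProcessModel:
    """Per-host categorical model of parent -> child process transitions.

    The feature space is the cross product of every parent and child image
    ever observed, but each host populates only a handful of those cells;
    that emptiness is the sparsity the abstract refers to. Laplace (add-one)
    smoothing gives unseen pairs a small nonzero probability so scoring never
    divides by zero and never reports an unseen pair as impossible.
    """

    def __init__(self, alpha=1.0):
        self.alpha = alpha
        self.pair_counts = defaultdict(Counter)    # host -> Counter[(parent, child)]
        self.parent_counts = defaultdict(Counter)  # host -> Counter[parent]
        self.children = set()                      # vocabulary of child images

    def fit(self, events):
        for host, _user, parent, child in events:
            self.pair_counts[host][(parent, child)] += 1
            self.parent_counts[host][parent] += 1
            self.children.add(child)
        return self

    def prob(self, host, parent, child):
        """Smoothed P(child | parent, host); an unseen parent falls back to uniform."""
        n_pair = self.pair_counts[host][(parent, child)]
        n_parent = self.parent_counts[host][parent]
        vocab = len(self.children) + 1  # +1 reserves mass for a never-seen child
        return (n_pair + self.alpha) / (n_parent + self.alpha * vocab)

    def surprise(self, host, parent, child):
        """Negative log2-probability in bits; higher means rarer for this host."""
        return -math.log2(self.prob(host, parent, child))

    def density(self, host):
        """Fraction of this host's parent x child grid that is actually occupied."""
        parents = len(self.parent_counts[host])
        if parents == 0:
            return 0.0
        return len(self.pair_counts[host]) / (parents * len(self.children))


def rank_events(model, events, threshold_bits):
    """Return (surprise, event) pairs above the threshold, rarest first."""
    scored = [(model.surprise(h, p, c), (h, u, p, c)) for h, u, p, c in events]
    scored.sort(reverse=True)
    return [(round(s, 2), e) for s, e in scored if s > threshold_bits]


if __name__ == "__main__":
    model = HostProcessModel().fit(TRAINING_EVENTS)
    print(f"ws01 grid density: {model.density('ws01'):.3f}")
    new_events = [
        ("ws01", "alice", "explorer.exe", "chrome.exe"),       # routine
        ("ws01", "alice", "explorer.exe", "cmd.exe"),          # known parent, new child
        ("ws01", "alice", "winword.exe", "powershell.exe"),    # parent never seen here
    ]
    for bits, event in rank_events(model, new_events, threshold_bits=2.5):
        print(f"{bits:6.2f} bits  {event}")
```

One caveat worth noticing: with this smoothing, a parent image never seen on the host collapses to a uniform distribution, so an entirely novel (parent, child) pair can score lower than a novel child under a well-known parent. A practitioner would track "new parent on this host" as a separate signal rather than rely on the conditional score alone, and the uniform fallback is also where the human-influence component shows up, since a user launching a new application legitimately looks the same as an unfamiliar process chain.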
Research Organization:
Sandia National Laboratories (SNL-NM), Albuquerque, NM (United States)
Sponsoring Organization:
USDOE National Nuclear Security Administration (NNSA)
DOE Contract Number:
AC04-94AL85000
OSTI ID:
1570095
Report Number(s):
SAND--2019-12011; 680102
Country of Publication:
United States
Language:
English

Similar Records

SCADA Protocol Anomaly Detection Utilizing Compression (SPADUC) 2013
Technical Report · Mon Dec 31 23:00:00 EST 2012 · OSTI ID:1070143

Discrete Mathematical Approaches to Graph-Based Traffic Analysis
Conference · Tue Apr 01 00:00:00 EDT 2014 · OSTI ID:1222143

Intrusion Monitoring in Process Control Systems
Conference · Wed Jan 07 23:00:00 EST 2009 · OSTI ID:946141
