Proceedings Paper

Function and activity classification in network traffic data: existing methods, their weaknesses, and a path forward
Author(s): Georgiy Levchuk

Paper Abstract

Cyberspace is increasingly becoming a battlefield between friendly and adversary forces, with normal users caught in the middle. Accordingly, planners of enterprise defensive policies and offensive cyber missions alike have an essential goal: to minimize the impact of their own actions and adversaries’ attacks on normal operations of commercial and government networks. To do this, cyber analysts need accurate "cyber battle maps", where the functions, roles, and activities of individual devices and users, and of groups of them, are accurately identified.

Most of the research in cyber exploitation has focused on the identification of attacks, attackers, and their devices. Many tools exist for device profiling, malware identification, user attribution, and attack analysis. However, most of these tools are intrusive, sensitive to data obfuscation, or provide anomaly flagging and are not able to correctly classify the semantics and causes of network activities. In this paper, we review existing solutions that can identify functional and social roles of entities in cyberspace, discuss their weaknesses, and propose an approach for developing functional and social layers of cyber battle maps.

Paper Details

Date Published: 12 May 2016
PDF: 13 pages
Proc. SPIE 9850, Machine Intelligence and Bio-inspired Computation: Theory and Applications X, 985004 (12 May 2016); doi: 10.1117/12.2225949
Georgiy Levchuk, Aptima, Inc. (United States)


Published in SPIE Proceedings Vol. 9850:
Machine Intelligence and Bio-inspired Computation: Theory and Applications X
Misty Blowers; Jonathan Williams; Russell D. Hall, Editor(s)

© SPIE.