Situational awareness of network system roles (SANSR)

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

3 Scopus citations

Abstract

In a large enterprise it is difficult for cyber security analysts to know what services and roles every machine on the network is performing (e.g., file server, domain name server, email server). Using network flow data, already collected by most enterprises, we developed a proof-of-concept tool that discovers the roles of a system using both clustering and categorization techniques. The tool's role information would allow cyber analysts to detect consequential changes in the network, initiate incident response plans, and optimize their security posture. The results of this proof-of-concept tool proved to be quite accurate on three real data sets. We will present the algorithms used in the tool, describe the results of preliminary testing, provide visualizations of the results, and discuss areas for future work. Without this kind of situational awareness, cyber analysts cannot quickly diagnose an attack or prioritize remedial actions.

Original language: English
Title of host publication: Proceedings of the 12th Annual Cyber and Information Security Research Conference, CISRC 2017
Publisher: Association for Computing Machinery
ISBN (Electronic): 9781450348553
DOIs
State: Published - Apr 4 2017
Event: 12th Annual Cyber and Information Security Research Conference, CISRC 2017 - Oak Ridge, United States
Duration: Apr 4 2017 to Apr 6 2017

Publication series

Name: ACM International Conference Proceeding Series

Conference

Conference: 12th Annual Cyber and Information Security Research Conference, CISRC 2017
Country/Territory: United States
City: Oak Ridge
Period: 04/4/17 to 04/6/17

Keywords

  • Cyber security
  • Network behavior
  • Network monitoring
  • Situational awareness
  • Unsupervised learning
