Cyber Threat Detection and Cyber Hunting

Fiscal Year: 2014
Division: Research & Sponsored Programs
Department: Naval Research Program
Investigator(s): Gallup, Shelley P.
Sponsor: NPS Naval Research Program (Navy)

Summary

Question 1: How can cyber threats be identified and characterized?
Using GINA, we will structure a series of separate real-time network monitoring capabilities into a single, cohesive system of systems (SoS). The result will be a GINA information model for network behavior that will: 1) provide geospatial and visual analytics to enhance situational awareness of threats, 2) prioritize threats and easily automate simple and complex response efforts based on modeled TTPs, and 3) enable real-time cyber threat awareness for network managers.
Question 2: How can existing threat detection be consolidated and extended?
GINA will be used to model the semantics of incoming messages so that all threats of a particular type can be discovered semantically, eliminating one of the most problematic sources of complexity in detecting threats: interpretation of the functionally infinite semantic variations of incoming messages. The goal of this task will be to implement this semantic analysis capability.
Question 3: How can cyber threats be eliminated?
The ultimate goal is the creation of alternative universes in which cyber criminals can be embedded and where their behavior can be controlled. By structuring a series of information objects from constituent subsystems in a GINA net-centric model, it is possible to model the behavior of: 1) the users and machines and the services utilized by those users, 2) the software that is in place, and 3) the appropriate interaction between users and the network. The result is that these information models enable the network to exhibit specific behavior for specified users.
Question 4: How can Filters and Data Capture extend threat management?
Although blocking techniques have their value, they do not enable the system to respond as threats evolve. Doing so requires the capture of potential threat behavior so that the evolution of threats can be tracked and ultimately stopped. Implementation of GINA would allow cyber personnel from DoD, OHS, and other agencies to understand all traffic and threats.