Most of the research in cyber exploitation has focused on the identification of attacks, attackers, and their devices. Many tools exist for device profiling, malware identification, user attribution, and attack analysis. However, most of these tools are intrusive, are sensitive to data obfuscation, or provide anomaly flagging but are not able to correctly classify the semantics and causes of network activities. In this paper, we review existing solutions that can identify functional and social roles of entities in cyberspace, discuss their weaknesses, and propose an approach for developing functional and social layers of cyber battle maps.
Georgiy Levchuk, "Function and activity classification in network traffic data: existing methods, their weaknesses, and a path forward," Proc. SPIE 9850, Machine Intelligence and Bio-inspired Computation: Theory and Applications X, 985004 (12 May 2016);