Function and activity classification in network traffic data: existing methods, their weaknesses, and a path forward
12 May 2016
Abstract
Cyberspace is increasingly becoming a battlefield between friendly and adversary forces, with normal users caught in the middle. Accordingly, planners of enterprise defensive policies and offensive cyber missions alike have an essential goal: to minimize the impact of their own actions and of adversaries' attacks on the normal operations of commercial and government networks. To do this, cyber analysts need accurate "cyber battle maps", in which the functions, roles, and activities of individual devices and users, and of groups of them, are accurately identified.

Most of the research in cyber exploitation has focused on the identification of attacks, attackers, and their devices. Many tools exist for device profiling, malware identification, user attribution, and attack analysis. However, most of these tools are intrusive, sensitive to data obfuscation, or limited to anomaly flagging, and are not able to correctly classify the semantics and causes of network activities. In this paper, we review existing solutions that can identify the functional and social roles of entities in cyberspace, discuss their weaknesses, and propose an approach for developing the functional and social layers of cyber battle maps.
© (2016) COPYRIGHT Society of Photo-Optical Instrumentation Engineers (SPIE). Downloading of the abstract is permitted for personal use only.
Georgiy Levchuk, "Function and activity classification in network traffic data: existing methods, their weaknesses, and a path forward", Proc. SPIE 9850, Machine Intelligence and Bio-inspired Computation: Theory and Applications X, 985004 (12 May 2016); doi: 10.1117/12.2225949; https://doi.org/10.1117/12.2225949
Proceedings paper, 13 pages.