
PNNL-SA-64942

Cyber Analytics

Challenges and Solutions for Computer Security

Glenn A. Fink, Ph.D.

Adaptive Systems Focus Lead

Information and Infrastructure Integrity Initiative (I4)

What is Cyber Analytics?


  • Cyber, adj.: Of or relating to computers and computer networks
  • Analytics, n.: The science of analysis
    • Science: Knowledge about a system based on comparing observations to theoretical models
    • Analysis: The process of arriving at a decision based on observable facts (data)
  • Cyber Analytics:
    • Formal: Observing computer and network data, and quantifiably comparing it to theoretical behavioral models to support decision-making
    • Informal: Understanding the behavior of computers and computer networks from the data they generate
Cyber Analytics is one of four cornerstones for sound, secure computer infrastructures

  • Predictive Defense: Anticipate and estimate potential impact of change.
  • Adaptive Systems: Scalable self-defending information and infrastructures.
  • Trustworthy Engineering: Increase confidence in information and infrastructure integrity.
  • Cyber Analytics: Decision-making using predictive analysis to support action.

Distinctive characteristics of Cyber Analytics
  • The cyber analyst is often on or near the front lines combating intruders and enacting protection measures
  • Cyber data is massive, real-time, streaming, and often not stored
  • Cyber protocols are relatively simple and low entropy
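The second characteristic, data that is massive, streaming and often never stored, is what forces the analysis to run in a single pass with bounded state. The following is an added illustration, not code from the presentation or from PNNL: every flow record is scored against a fixed-size per-host behavioural model (a running mean and variance of bytes per flow, plus a 64 Kbit map of destination ports touched) and then discarded. The hosts, flow sizes and thresholds are constructed for the example.

```python
"""One-pass analysis of flow records with fixed per-source-host state.

Added example for the slide's point that cyber data is massive, streaming and
often not stored: each record updates a small behavioural model for its source
host and is then dropped. Hosts, flows and thresholds are constructed.
"""
from dataclasses import dataclass, field
import math


@dataclass
class HostModel:
    """Fixed-size behavioural state for one source host."""
    n: int = 0              # flows seen so far
    mean: float = 0.0       # running mean of bytes per flow (Welford's method)
    m2: float = 0.0         # running sum of squared deviations from the mean
    ports: bytearray = field(default_factory=lambda: bytearray(8192))  # 65536-bit map
    distinct_ports: int = 0

    def score_bytes(self, x: float) -> float:
        """z-score of x against the model as it stood *before* x is folded in."""
        if self.n < 10:                      # not enough history to judge
            return 0.0
        std = math.sqrt(self.m2 / (self.n - 1))
        delta = x - self.mean
        if std < 1e-9:                       # constant history: any change is extreme
            return 0.0 if abs(delta) < 1e-9 else math.inf
        return delta / std

    def update(self, x: float, dport: int) -> None:
        """Fold one flow into the model; memory use does not grow with n."""
        self.n += 1
        delta = x - self.mean
        self.mean += delta / self.n
        self.m2 += delta * (x - self.mean)
        byte_i, bit = divmod(dport, 8)
        if not self.ports[byte_i] & (1 << bit):
            self.ports[byte_i] |= 1 << bit
            self.distinct_ports += 1


def analyze(records, z_threshold=6.0, port_threshold=20):
    """records: iterable of (src, dst, dport, bytes). Returns a list of alerts.

    Each record is scored, folded into its host's model and forgotten.
    """
    models = {}                 # src host -> HostModel (bounded by host count)
    alerts = []
    fan_out_reported = set()
    for src, dst, dport, nbytes in records:
        m = models.setdefault(src, HostModel())
        z = m.score_bytes(nbytes)
        if abs(z) > z_threshold:
            alerts.append(("byte-anomaly", src, f"{nbytes}B to {dst}:{dport}, z={z:.1f}"))
        m.update(nbytes, dport)
        if m.distinct_ports > port_threshold and src not in fan_out_reported:
            fan_out_reported.add(src)
            alerts.append(("port-fan-out", src, f"{m.distinct_ports} distinct ports"))
    return alerts


def sample_records():
    """Constructed flows: a normal host, a port scanner, then one exfil-sized flow."""
    recs = []
    for i in range(20):                          # baseline: ~510-byte flows to a web server
        recs.append(("10.0.0.5", "10.0.0.80", 443, 500 if i % 2 == 0 else 520))
    for p in range(1, 31):                        # scanner touches 30 ports on one target
        recs.append(("10.0.0.9", "10.0.0.1", p, 60))
    recs.append(("10.0.0.5", "203.0.113.7", 443, 50_000))   # 100x the baseline size
    return recs


if __name__ == "__main__":
    for alert in analyze(sample_records()):
        print(alert)
```

The per-host state is a few floats and an 8 KB bitmap regardless of how many flows pass through, which is the property that lets the analysis keep up with a feed that is never written to disk; the cost is that only questions the model was built for can be asked after the fact.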


Cyber Analytics tells the story embedded in host and network data

Figure: data sources feeding visualization and analysis.

  • Network data: net flows, packet traces, IDS alerts
  • Host data: event log, service logs, access records, process traces, performance metrics, system call traces, IDS alarms, syslog
  • Multi-host data
  • The Buzz: news, Twitter, vendors, web, blogs, official bulletins

Problems: Massive Data

500,000,000 records per day and growing!


Problems: Slow propagation

Figure: cyber data flows from US-CERT (Einstein) to Agency 1 through Agency i, on to Analysis Center 1 through Analysis Center j, and down to the Site 1 through Site k Security Teams, over data-exchange and collaboration links. Transit time: 4+ days!

Solutions: Multi-scale analysis

  • Processors, processes, signals
  • Computers, routers, devices
  • Networks and Internets

Distributed Analysis: The Cooperative Infrastructure Defense

  • Humans supervise top-level agents (Sergeants) that are in charge of entire enclaves
  • Sergeants inform humans and set policies for lower-level agents
  • Sentinel agents at each machine interpret policy and investigate Sensor findings
  • Mobile Sensor agents identify potential problems on machines and communicate via “pheromone”
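To make the three-tier hierarchy and the pheromone signalling concrete, here is an added toy model; it is not PNNL's Cooperative Infrastructure Defense implementation, and the machine names, anomaly scores, thresholds, evaporation rate and the "quarantine" response are all constructed for the example. Sensors sweep the enclave and deposit pheromone where they see trouble; other Sensors are recruited by the trail, so the signal builds; the Sentinel on that machine acts once the level crosses the threshold set in the Sergeant's policy, and the Sergeant keeps the briefing for the human.

```python
"""Toy model of the Sergeant / Sentinel / Sensor hierarchy with pheromone signalling.

Added illustration of the slide's architecture, not PNNL's code. Machine names,
anomaly scores, policy thresholds, the evaporation rate and the quarantine
response are all constructed.
"""
from dataclasses import dataclass


@dataclass
class Machine:
    name: str
    anomaly: float          # constructed ground truth a Sensor can observe (0..1)
    pheromone: float = 0.0  # shared signal: deposited by Sensors, evaporates each tick


@dataclass
class Policy:
    """Set by the Sergeant for the enclave, interpreted by every Sentinel."""
    deposit_at: float = 0.5      # Sensors mark a machine whose anomaly exceeds this
    investigate_at: float = 1.0  # Sentinels act once pheromone exceeds this
    evaporation: float = 0.5     # fraction of pheromone surviving one tick


class Sensor:
    """Mobile agent: sweeps the enclave but is recruited by existing pheromone."""
    def __init__(self, start: int):
        self.pos = start

    def step(self, machines, policy):
        m = machines[self.pos]
        if m.anomaly > policy.deposit_at:
            m.pheromone += m.anomaly            # stronger anomaly, stronger signal
            return                              # stay and reinforce the trail
        hottest = max(range(len(machines)), key=lambda i: machines[i].pheromone)
        if machines[hottest].pheromone > 0:
            self.pos = hottest                  # follow another Sensor's trail
        else:
            self.pos = (self.pos + 1) % len(machines)   # plain sweep


class Sentinel:
    """One per machine: interprets policy and investigates what Sensors flagged."""
    def __init__(self, machine: Machine):
        self.machine = machine
        self.reported = False

    def step(self, policy, sergeant):
        if self.reported or self.machine.pheromone <= policy.investigate_at:
            return
        self.reported = True
        sergeant.receive(self.machine.name, self.machine.pheromone)
        # Constructed protection measure: quarantine clears the anomaly and the trail,
        # so Sensors stop reinforcing and resume sweeping.
        self.machine.anomaly = 0.0
        self.machine.pheromone = 0.0


class Sergeant:
    """Top-level agent for the enclave: owns the policy, briefs the human."""
    def __init__(self, policy: Policy):
        self.policy = policy
        self.findings = {}          # machine name -> pheromone level when reported

    def receive(self, name, level):
        self.findings[name] = level

    def briefing(self):
        return sorted(self.findings)


def run(machines, ticks=10, sensors=3, policy=None):
    """Simulate the enclave for a number of ticks; returns the Sergeant."""
    policy = policy or Policy()
    sergeant = Sergeant(policy)
    sentinels = [Sentinel(m) for m in machines]
    roaming = [Sensor(i * len(machines) // sensors) for i in range(sensors)]
    for _ in range(ticks):
        for s in roaming:
            s.step(machines, policy)
        for st in sentinels:
            st.step(policy, sergeant)
        for m in machines:
            m.pheromone *= policy.evaporation
    return sergeant


def enclave():
    """Constructed enclave: two machines with real trouble, four that are quiet."""
    return [Machine("web-1", 0.1), Machine("web-2", 0.0), Machine("db-1", 0.8),
            Machine("mail-1", 0.2), Machine("vpn-1", 0.0), Machine("hr-ws", 0.9)]


if __name__ == "__main__":
    print(run(enclave()).findings)
```

Two details carry the design: a single Sensor visit never crosses the investigate threshold on its own, so one noisy observation does not trigger a response, and evaporation means a trail that is not re-confirmed fades away; only a finding that keeps recruiting Sensors reaches the Sentinel. The lower-level agents never talk to the human directly, which matches the slide's chain of command.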


Demonstration


The Road Ahead for Cyber Analytics
  • Resources needed
    • Dedicated, standard ranges, freely available
    • Reference data sets
  • Science advances needed
    • Predictive science
    • Complex-adaptive science
  • Social/legislative agenda
    • Cooperation and collaboration
    • Laws governing use of shared data sets
    • Privacy protection laws


Conclusions

  • PNNL is making strides defining the research area of cyber analytics
  • PNNL is investing internal money into solving key cyber analytics problems such as
    • Automated distributed collection and analysis of cyber data
    • Environments that support human collaborative analysis and resolution of emerging cyber threats
