Cyber anomaly detection: Using tabulated vectors and embedded analytics for efficient data mining

Gutierrez, Robert J.; Bauer, Kenneth W.; Boehmke, Bradley C.; Saie, Cade M.; Bihl, Trevor J.

doi:10.1177/1748301818791503

Cited by 12 publications

(28 citation statements)

References 62 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Due to the expanding variety and volume of devices in IoT CI implementations, future CI networks themselves have characteristics seen in the 3 V's (volume, variety, and velocity) of big data (Bihl, Young, & Weckman, 2016). Thus, monitoring logs and transmissions of communication devices to find threats can involve big data analytics due the massive amount of events logged (Samuelson, 2016) (Gutierrez, Bauer, Boehmke, Saie, & Bihl, 2017).…”

Section: Example Chapter -Contributed Chaptermentioning

confidence: 99%

“…Incorporating intrusion detection and prevention systems (IDPS) into industrial control networks can mitigate MAC related attacks and provide a log of events which violate access rules (Zhu & Sastry, 2010) (Xing, Srinivasan, Jose, Li, & Cheng, 2010). However, IDPS systems generally rely on coded rules, which are limited against new and novel attacks (Gutierrez, Bauer, Boehmke, Saie, & Bihl, 2017). A variety of network based routing attacks exist and these can take the form of attackers flooding, or corrupting routing information or flooding the network with replicated packets to consume bandwidth and cause communication termination (Xing, Srinivasan, Jose, Li, & Cheng, 2010).…”

Section: Software and Communication Threats And Mitigationmentioning

confidence: 99%

See 1 more Smart Citation

Security Methods for Critical Infrastructure Communications

Zobaa¹,

Bihl²

2018

Big Data Analytics in Future Power Systems

View full text Add to dashboard Cite

5.1 Introduction Critical infrastructure (CI) includes any systems and assets that are so vital that their destruction or disruption threatens lives, governments, economies, ecologies, or the social/political structure of nations (Moteff & Parfomak, 2004) (Luiijf & Klaver, 2004). Thus, CI includes, but is not limited to, power grids, water and sewage, hospitals, and transportation systems (Luiijf & Klaver, 2004). To enable monitoring and control of CI systems, industrial control networks are often used (Galloway & Hancke, 2013). Industrial control networks, conceptualized in Figure 5.1, are systems that monitor and control physical devices. Conservatively, eighty percent of US electric power utilities employ industrial control networks for monitoring and control (Fernandez & Fernandez, 2005). Of interest in industrial control networks is preventing unauthorized access to CI systems and overall reliability of the networks. Figure 5.1: Conceptualization of an Industrial Control Network (from (Goverment Accountability Office (GAO), 2008)) Increasingly, commercial network technologies are being used in industrial control networks; this increases internet pathways and cyber security risks. In many ways, extending the Internet EXAMPLE CHAPTER-Contributed chapter of Things (IoT) to include CI components can be seen as logical since IoT enabled devices can be used to monitor all components in a system, e.g. wireless enabled structural health monitoring of bridges (Hu, Wang, & Ji, 2013). However, to be useful, communication networks used for CI need to balance performance, security, reliability, availability, and

show abstract

Section: Example Chapter -Contributed Chaptermentioning

confidence: 99%

Section: Software and Communication Threats And Mitigationmentioning

confidence: 99%

Security Methods for Critical Infrastructure Communications

Zobaa¹,

Bihl²

2018

Big Data Analytics in Future Power Systems

View full text Add to dashboard Cite

show abstract

“…Additionally, due to their scale and the sensitivity of the data and operations they support, enterprise cyber security involves many layers and efforts, such as encompasses multiple, very large local networks, which have their own devices, standards, and administration. Enterprise cyber security often includes forensics analysis and security or data fusion centers to detect emerging threats [3] [4].…”

Section: Introductionmentioning

confidence: 99%

“…Since enterprise level cyber systems must provide accountability and look for emerging threats, cyber forensics of firewall and IDPS logs is a useful component of any enterprise-level cyber security operations [10]. However, the unstructuredness of cyber logs in enterprises results in significant manual analysis for cyber forensics [3] [10].…”

Section: Introductionmentioning

confidence: 99%

“…Herein, statistical and visual methods are combined into an embedded application. For this, the authors leverage their past work [3] in cyber analytics and employ a tabulated feature vector (TFV) approach to process log files and identify anomalies. In the TFV approach, log files are divided into temporal blocks and analysts are cued to blocks of interest.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Topological Data Analysis for Enhancing Embedded Analytics for Enterprise Cyber Log Analysis and Forensics

Bihl

Gutierrez

Bauer

et al. 2020

Proceedings of the Annual Hawaii International Conference on System Sciences

View full text Add to dashboard Cite

Forensic analysis of logs is one responsibility of an enterprise cyber defense team; inherently, this is a big data task with thousands of events possibly logged in minutes of activity. Logged events range from authorized users typing incorrect passwords to malignant threats. Log analysis is necessary to understand current threats, be proactive against emerging threats, and develop new firewall rules. This paper describes embedded analytics for log analysis, which incorporates five mechanisms: numerical, similarity, graph-based, graphical analysis, and interactive feedback. Topological Data Analysis (TDA) is introduced for log analysis with TDA providing novel graph-based similarity understanding of threats which additionally enables a feedback mechanism to further analyze log files. Using real-world firewall log data from an enterprise-level organization, our end-to-end evaluation shows the effective detection and interpretation of log anomalies via the proposed process, many of which would have otherwise been missed by traditional means.

show abstract

Smart Incident Management, Prediction Engine and Performance Enhancement

Abdelkhalki

Mohamed

2020

Innovations in Smart Cities Applications Edition 3

View full text Add to dashboard Cite

Cyber anomaly detection: Using tabulated vectors and embedded analytics for efficient data mining

Cited by 12 publications

References 62 publications

Security Methods for Critical Infrastructure Communications

Security Methods for Critical Infrastructure Communications

Topological Data Analysis for Enhancing Embedded Analytics for Enterprise Cyber Log Analysis and Forensics

Smart Incident Management, Prediction Engine and Performance Enhancement

Contact Info

Product

Resources

About