Data fusion in cyber security: First order entity extraction from common cyber data

Research output: Chapter in Book/Report/Conference proceedingConference contribution

2 Scopus citations

Abstract

The Joint Directors of Labs Data Fusion Process Model (JDL Model) provides a framework for how to handle sensor data to develop higher levels of inference in a complex environment. Beginning from a call to leverage data fusion techniques in intrusion detection, there have been a number of advances in the use of data fusion algorithms in this subdomain of cyber security. While it is tempting to jump directly to situation-level or threat-level refinement (levels 2 and 3) for more exciting inferences, a proper fusion process starts with lower levels of fusion in order to provide a basis for the higher fusion levels. The process begins with first order entity extraction, or the identification of important entities represented in the sensor data stream. Current cyber security operational tools and their associated data are explored for potential exploitation, identifying the first order entities that exist in the data and the properties of these entities that are described by the data. Cyber events that are represented in the data stream are added to the first order entities as their properties. This work explores typical cyber security data and the inferences that can be made at the lower fusion levels (0 and 1) with simple metrics. Depending on the types of events that are expected by the analyst, these relatively simple metrics can provide insight on their own, or could be used in fusion algorithms as a basis for higher levels of inference.

Original languageEnglish (US)
Title of host publicationCyber Sensing 2012
DOIs
StatePublished - Dec 3 2012
EventCyber Sensing 2012 - Baltimore, MD, United States
Duration: Apr 24 2012Apr 25 2012

Publication series

NameProceedings of SPIE - The International Society for Optical Engineering
Volume8408
ISSN (Print)0277-786X

Other

OtherCyber Sensing 2012
CountryUnited States
CityBaltimore, MD
Period4/24/124/25/12

All Science Journal Classification (ASJC) codes

  • Electronic, Optical and Magnetic Materials
  • Condensed Matter Physics
  • Computer Science Applications
  • Applied Mathematics
  • Electrical and Electronic Engineering

Fingerprint Dive into the research topics of 'Data fusion in cyber security: First order entity extraction from common cyber data'. Together they form a unique fingerprint.

  • Cite this

    Giacobe, N. A. (2012). Data fusion in cyber security: First order entity extraction from common cyber data. In Cyber Sensing 2012 [54080E] (Proceedings of SPIE - The International Society for Optical Engineering; Vol. 8408). https://doi.org/10.1117/12.919379