Data fusion in cyber security: First order entity extraction from common cyber data

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

2 Citations (Scopus)

Abstract

The Joint Directors of Labs Data Fusion Process Model (JDL Model) provides a framework for how to handle sensor data to develop higher levels of inference in a complex environment. Beginning from a call to leverage data fusion techniques in intrusion detection, there have been a number of advances in the use of data fusion algorithms in this subdomain of cyber security. While it is tempting to jump directly to situation-level or threat-level refinement (levels 2 and 3) for more exciting inferences, a proper fusion process starts with lower levels of fusion in order to provide a basis for the higher fusion levels. The process begins with first order entity extraction, or the identification of important entities represented in the sensor data stream. Current cyber security operational tools and their associated data are explored for potential exploitation, identifying the first order entities that exist in the data and the properties of these entities that are described by the data. Cyber events that are represented in the data stream are added to the first order entities as their properties. This work explores typical cyber security data and the inferences that can be made at the lower fusion levels (0 and 1) with simple metrics. Depending on the types of events that are expected by the analyst, these relatively simple metrics can provide insight on their own, or could be used in fusion algorithms as a basis for higher levels of inference.

Original language: English (US)
Title of host publication: Cyber Sensing 2012
DOI: https://doi.org/10.1117/12.919379
State: Published - Dec 3 2012
Event: Cyber Sensing 2012 - Baltimore, MD, United States
Duration: Apr 24 2012 – Apr 25 2012

Publication series

Name: Proceedings of SPIE - The International Society for Optical Engineering
Volume: 8408
ISSN (Print): 0277-786X

Other

Other: Cyber Sensing 2012
Country: United States
City: Baltimore, MD
Period: 4/24/12 – 4/25/12

Fingerprint

multisensor fusion
Data Fusion
Data fusion
Fusion
First-order
inference
fusion
Data Streams
Sensors
Intrusion detection
Data Security
Metric
Sensor
Intrusion Detection
Leverage
Exploitation
Process Model
Jump
Refinement
sensors

All Science Journal Classification (ASJC) codes

  • Electronic, Optical and Magnetic Materials
  • Condensed Matter Physics
  • Computer Science Applications
  • Applied Mathematics
  • Electrical and Electronic Engineering

Cite this

Giacobe, N. A. (2012). Data fusion in cyber security: First order entity extraction from common cyber data. In Cyber Sensing 2012 [54080E] (Proceedings of SPIE - The International Society for Optical Engineering; Vol. 8408). https://doi.org/10.1117/12.919379
Giacobe, Nicklaus A. / Data fusion in cyber security : First order entity extraction from common cyber data. Cyber Sensing 2012. 2012. (Proceedings of SPIE - The International Society for Optical Engineering).
@inproceedings{0eb1db10fc6940aca2f1885ed04d57c3,
title = "Data fusion in cyber security: First order entity extraction from common cyber data",
abstract = "The Joint Directors of Labs Data Fusion Process Model (JDL Model) provides a framework for how to handle sensor data to develop higher levels of inference in a complex environment. Beginning from a call to leverage data fusion techniques in intrusion detection, there have been a number of advances in the use of data fusion algorithms in this subdomain of cyber security. While it is tempting to jump directly to situation-level or threat-level refinement (levels 2 and 3) for more exciting inferences, a proper fusion process starts with lower levels of fusion in order to provide a basis for the higher fusion levels. The process begins with first order entity extraction, or the identification of important entities represented in the sensor data stream. Current cyber security operational tools and their associated data are explored for potential exploitation, identifying the first order entities that exist in the data and the properties of these entities that are described by the data. Cyber events that are represented in the data stream are added to the first order entities as their properties. This work explores typical cyber security data and the inferences that can be made at the lower fusion levels (0 and 1) with simple metrics. Depending on the types of events that are expected by the analyst, these relatively simple metrics can provide insight on their own, or could be used in fusion algorithms as a basis for higher levels of inference.",
author = "Giacobe, {Nicklaus A.}",
year = "2012",
month = "12",
day = "3",
doi = "10.1117/12.919379",
language = "English (US)",
isbn = "9780819490865",
series = "Proceedings of SPIE - The International Society for Optical Engineering",
booktitle = "Cyber Sensing 2012",

}

Giacobe, NA 2012, Data fusion in cyber security: First order entity extraction from common cyber data. in Cyber Sensing 2012., 54080E, Proceedings of SPIE - The International Society for Optical Engineering, vol. 8408, Cyber Sensing 2012, Baltimore, MD, United States, 4/24/12. https://doi.org/10.1117/12.919379

Data fusion in cyber security : First order entity extraction from common cyber data. / Giacobe, Nicklaus A.

Cyber Sensing 2012. 2012. 54080E (Proceedings of SPIE - The International Society for Optical Engineering; Vol. 8408).

TY - GEN

T1 - Data fusion in cyber security

T2 - First order entity extraction from common cyber data

AU - Giacobe, Nicklaus A.

PY - 2012/12/3

Y1 - 2012/12/3

N2 - The Joint Directors of Labs Data Fusion Process Model (JDL Model) provides a framework for how to handle sensor data to develop higher levels of inference in a complex environment. Beginning from a call to leverage data fusion techniques in intrusion detection, there have been a number of advances in the use of data fusion algorithms in this subdomain of cyber security. While it is tempting to jump directly to situation-level or threat-level refinement (levels 2 and 3) for more exciting inferences, a proper fusion process starts with lower levels of fusion in order to provide a basis for the higher fusion levels. The process begins with first order entity extraction, or the identification of important entities represented in the sensor data stream. Current cyber security operational tools and their associated data are explored for potential exploitation, identifying the first order entities that exist in the data and the properties of these entities that are described by the data. Cyber events that are represented in the data stream are added to the first order entities as their properties. This work explores typical cyber security data and the inferences that can be made at the lower fusion levels (0 and 1) with simple metrics. Depending on the types of events that are expected by the analyst, these relatively simple metrics can provide insight on their own, or could be used in fusion algorithms as a basis for higher levels of inference.

UR - http://www.scopus.com/inward/record.url?scp=84870156116&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84870156116&partnerID=8YFLogxK

U2 - 10.1117/12.919379

DO - 10.1117/12.919379

M3 - Conference contribution

AN - SCOPUS:84870156116

SN - 9780819490865

T3 - Proceedings of SPIE - The International Society for Optical Engineering

BT - Cyber Sensing 2012

ER -

Giacobe NA. Data fusion in cyber security: First order entity extraction from common cyber data. In Cyber Sensing 2012. 2012. 54080E. (Proceedings of SPIE - The International Society for Optical Engineering). https://doi.org/10.1117/12.919379