Enhancing Network Visibility and Security through Tensor Analysis
| Published in | Future generation computer systems, Vol. 96, no. C, pp. 207-215 |
|---|---|
| Format | Journal Article |
| Language | English |
| Published | United States: Elsevier B.V, 01.07.2019 |
Summary:

The increasing size, variety, rate of growth and change, and complexity of network data have warranted advanced network analysis and services. Tools that provide automated analysis through traditional or advanced signature-based systems or machine learning classifiers suffer from practical difficulties. These tools fail to provide comprehensive and contextual insights into the network when put to practical use in operational cyber security. In this paper, we present an effective tool for network security and traffic analysis that uses high-performance data analytics based on a class of unsupervised learning algorithms called tensor decompositions. The tool aims to provide a scalable analysis of the network traffic data, to reduce the cognitive load of network analysts, and to be network-expert-friendly by presenting clear and actionable insights into the network.

In this paper, we demonstrate the successful use of the tool in two completely diverse operational cyber security environments, namely, (1) the security operations center (SOC) for the SCinet network at the SuperComputing (SC) Conference in 2016 and 2017 and (2) Reservoir Labs' Local Area Network (LAN). In each of these environments, we produce actionable results for cyber security specialists including (but not limited to) (1) finding malicious network traffic involving internal and external attackers using port scans, SSH brute forcing, and NTP amplification attacks, (2) uncovering obfuscated network threats such as data exfiltration using the DNS port and using ICMP traffic, and (3) finding network misconfiguration and performance degradation patterns.

Highlights:

- CANDID: a network analysis tool based on high-performance tensor decompositions.
- Presents actionable insights into the network.
- Demonstrated successfully in two diverse operational cyber security environments.
- Finds malicious network traffic and uncovers obfuscated network threats.
- Uncovers obfuscated network threats such as data exfiltration using the DNS port and using ICMP traffic.
- Finds network misconfiguration and performance degradation patterns.
| Bibliography | USDOE Office of Science (SC), Advanced Scientific Computing Research (ASCR) (SC-21) SC0017081 |
|---|---|
| ISSN | 0167-739X, 1872-7115 |
| DOI | 10.1016/j.future.2019.01.039 |