
M&Ms4Graphs: Multi-scale, Multi-dimensional Graph Analytics Tools for Cyber-Security

Objective

We developed graph-theoretic models to characterize a complex cyber system at multiple scales. The models will be used to provide continuous metrics-based updates to drive an asymmetric resilient infrastructure. The algorithms in the software framework include multi-scale graph modeling, spectral analysis, role mining, shortest-path, and analysis of graph models.

Approach

We are modeling the key behavioral aspects of a system by studying the information flow across hosts as large-scale, dynamic graphs. We adapted a novel, multi-scale approach for continuously updating the graph-based model with local information, enabling very fast computation of essential security postures and cost/benefit metrics. By accounting for both the connectivity structure of the graph (who talks to whom) and the attributes of the communication (using which protocol, how often, how long), we are able to create a comprehensive model that describes behavior ranging from the micro scale (host level) to the macro scale (enterprise level).
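The following added example (not code from the PNNL graph library) illustrates the approach described above: each flow record updates one attributed edge per scale, so the host-level and coarser views stay current without rebuilding the graph. The class name `MultiScaleGraph`, the use of /32, /24 and /16 prefixes as scales, and the sample flows are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample flows: (source IP, destination IP, protocol, seconds).
SAMPLE_FLOWS = [
    ("10.0.1.5", "10.0.2.9", "tcp/443", 12.0),
    ("10.0.1.5", "10.0.2.9", "tcp/443", 8.0),
    ("10.0.1.5", "10.0.2.9", "udp/53", 0.5),
    ("10.0.1.7", "10.0.2.9", "tcp/443", 3.0),
    ("10.0.2.9", "10.0.3.4", "tcp/5432", 40.0),
    ("10.0.1.7", "10.0.1.5", "tcp/22", 120.0),
]

def _new_edge():
    return {"flows": 0, "seconds": 0.0, "protocols": set()}

class MultiScaleGraph:
    """Attributed communication graph kept at several scales at once.

    Assumption: a scale is an IPv4 prefix length. /32 is the host level;
    /24 and /16 stand in for subnet and enterprise views.
    """

    def __init__(self, scales=(32, 24, 16)):
        self.edges = {s: defaultdict(_new_edge) for s in scales}

    @staticmethod
    def node(ip, prefix_len):
        return str(ipaddress.ip_network(f"{ip}/{prefix_len}", strict=False))

    def add_flow(self, src, dst, protocol, seconds):
        # Local update: one flow touches exactly one edge per scale.
        for prefix_len, edges in self.edges.items():
            key = (self.node(src, prefix_len), self.node(dst, prefix_len))
            edges[key]["flows"] += 1               # how often
            edges[key]["seconds"] += seconds       # how long
            edges[key]["protocols"].add(protocol)  # using which protocol

    def edge(self, scale, src, dst):
        return self.edges[scale].get((src, dst))

    def peers(self, scale, node):
        # Who talks to whom: distinct destinations contacted by `node`.
        return {d for (s, d) in self.edges[scale] if s == node}

def build(flows):
    graph = MultiScaleGraph()
    for flow in flows:
        graph.add_flow(*flow)
    return graph
```
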

Achievements

• Major release of Graph Library

- Exhibit at GraphLab Conference, July 2014

• Selected publications

1. “Towards A Networks-of-Networks Framework for Cyber Security.” IEEE Intelligence and Security Informatics, 2013.

2. “Towards a Multiscale Approach to Cybersecurity Modeling.” IEEE Intl. Conf. on Technologies for Homeland Security, 2013.

3. “Statistical and Hierarchical Graph Analysis for Cyber Security.” SIAM Conference on Discrete Mathematics, 2014.

4. “Frequent Subgraph Discovery in Large Attributed Streaming Graphs.” Special Issue of Journal of Machine Learning Research, 2014.

Rendering of Network Traffic Data Showing Communication between IP Addresses. Each IP address is colored by a “behavioral role” learnt using machine learning techniques.


September 2014 PNNL-SA-105329

ABOUT

The Asymmetric Resilient Cybersecurity Initiative

Researchers at PNNL are delivering the theory, processes, methodologies, and algorithms that will enable a resilient cyber infrastructure with an asymmetric advantage to thwart adversaries who seek to infiltrate and damage our national security through digital means. This exploratory science in Laboratory Directed Research and Development effort is made possible by the Pacific Northwest National Laboratory through funding provided by the U.S. Department of Energy.

For more information on the science you see here, please contact:

Sutanay Choudhury
Pacific Northwest National Laboratory
P.O. Box 999, MSIN: J4-33
Richland, WA 99352
(509) 375-3978
[email protected]

Impact

Our work on computing data-guided metrics to inform system resiliency will provide a transformational capability for cyber analysts and defenders. We envision that our deliverables will enable more effective and efficient analysis of cyber systems against security attacks. Our methods, including analytical tools, framework, and software, will allow system analysts and defenders to gain a high level of continuous situational awareness more efficiently than is possible with the current state of the art.

Future Work

FY 2015 is focused on validation, verification and usability

• Validation: ensure that our algorithms and metrics support use cases offered by the reference architectures

• Verification: ensure we accomplish the dual objectives of scalability and accuracy

• Usability: our work should be deployed and used without any background in graph theory; deliver rules that abstract away graph theoretical details

• Engage early adopters and work out case studies.

Plot of Locally Biased Eigenvalues of Normalized Laplacian

Using Semi-supervised Spectral Learning to Detect Local Trends