As cybersecurity becomes an ever-greater priority for governments and businesses, the need has grown for a means to detect and identify network intrusions and cyberattacks as they emerge in real time. Scientists at the Pacific Northwest National Laboratory (PNNL) and Washington State University have developed a framework they call StreamWorks, which enables users to categorize cyberattacks as graph patterns that can be examined using a continuous search query on a single, large streaming dynamic graph.
The researchers tested their method using two real-world data sets (the online news stream from The New York Times and Internet network traffic data from the Center for Applied Internet Data Analysis) as well as a synthetic social media stream. They compared the performance of multiple combinations of query decomposition execution methods on these data sets and found their method produced efficient continuous queries with speeds up to 100 times greater than current methods.
"In the high-stakes cybersecurity domain, processing streaming updates to a dynamic graph database accumulating multiple data sources, such as network flow firewall logs, is important for realizing real-time situational awareness," says PNNL's Sutanay Choudhury.
The researchers are working to improve their method so it can be scaled for use in high-performance computing clusters.
From Pacific Northwest National Laboratory
Abstracts Copyright © 2015 Information Inc., Bethesda, Maryland, USA