ADELPHI, Md. (Feb. 12, 2016) -- Network defense collaborations between university and U.S. Army researchers have led to a best paper award at a recent technology security conference.
A team composed of members from the U.S. Army Research Laboratory and Carnegie Mellon University is pursuing a novel way to use technology that eases the detection burden on analysts who monitor networks around the clock.
The Semantic Technology for Intelligence, Defense and Security, or STIDS, special session brought lead author Noam Ben-Asher from ARL and others from the Cyber Security Research Alliance to Fairfax, Virginia, to receive the award for writing about their holistic approach to understanding and simulating human decision-making.
"The idea behind 'ontology-based adaptive systems of cyber defense' is to describe real-world network traffic and to demonstrate the combination of ontology and reasoning of the person monitoring the network to better detect malicious port scanning within network traffic," said Robert Erbacher of ARL's Network Security.
"We provided the network security expertise," Erbacher said. "Our academic partners come from the cognitive side, with expertise in cognitive modeling and building the ontology.
"Ideally, the new tool will identify common red flags so that analysts' time and intuition could be used deciphering the unrecognizable concerns."
"This kind of research is breaking new ground in detection," Erbacher said. "People have tried for 30 years to address the cognitive aspect of analysis. This is a completely novel direction for approaching the problem."
"The next step for this fundamental research is to take the example that the team has demonstrated and adapt it for more tangled scenarios that include complex datasets and more extensive threats," he said.
"It is a difficult undertaking to go from cognitive modeling to detection."
This is part of the psychosocial research that integrates human factors in system design for the Cyber Security Research Alliance's areas of interest -- risk, detection and agility.
The alliance includes ARL; the U.S. Army Communications-Electronics Research, Development and Engineering Center; academia and industry researchers who are exploring cyber science in the context of Army networks.
"The objective is to develop a fundamental understanding of the underpinning science of cyber security," Erbacher said.
The ontology study is one of many that the group uses to explore cyber phenomena, including aspects of human attackers, cyber defenders and end users.
The U.S. Army Research Laboratory is part of the U.S. Army Research, Development and Engineering Command, which has the mission to ensure decisive overmatch for unified land operations to empower the Army, the joint Warfighter and our nation. RDECOM is a major subordinate command of the U.S. Army Materiel Command.