Technical Report Details
Techniques for Judging Intent Behind Network Based Cyber Attacks
Allen, J M
Lawrence Livermore National Laboratory
Keywords: Computers; Lawrence Livermore National Laboratory; Security; Internet; 99 General And Miscellaneous//Mathematics, Computing, And Information Science
DOI  :  10.2172/15013916
RP-ID  :  UCRL-TR-202494
RP-ID  :  W-7405-ENG-48
RP-ID  :  15013916
United States | English
Source: UNT Digital Library
【 Abstract 】
This project developed a prototype system that can rapidly differentiate between undirected cyber attacks and those that have a more specific and concerning intent behind them. The system responds to important cyber attacks in a tactically significant way as the attack is proceeding. It also creates a prioritized list for human analysts, allowing them to focus on the threats most likely to be of interest. In recent years the volume of attacks over the internet has increased exponentially as they have become more and more automated. As a result, real threats are harder and harder to distinguish from the general threat. With our current systems it is possible to identify network packets originating from thousands of IP addresses as probing a site like LLNL in a single day. Human analysis of these threats does not result in information that can be used for tactical response, because most of the attacks are short and are over before the human starts the analysis. Only a very small percentage of attacks can even be evaluated manually due to the volume. This project developed methods, and prototyped tools, that can identify attacks, slow the attack down, and aid in the process of prioritizing detections. The project demonstrated that such methods exist and that practical implementations exist for modern computers and networks. We call the tools created D.I.A.G., or Determining Internet Attackers Goals.