Open Access. Powered by Scholars. Published by Universities.®

Physical Sciences and Mathematics Commons

Air Force Institute of Technology

Faculty Publications

2010

Machine learning

Articles 1 - 2 of 2

Full-Text Articles in Physical Sciences and Mathematics

Malware Type Recognition And Cyber Situational Awareness, Thomas Dube, Richard A. Raines, Gilbert L. Peterson, Kenneth W. Bauer, Michael R. Grimaila, Steven K. Rogers Aug 2010
Current technologies for computer network and host defense do not provide suitable information to support strategic and tactical decision making processes. Although pattern-based malware detection is an active research area, the additional context of the type of malware can improve cyber situational awareness. This additional context is an indicator of threat capability thus allowing organizations to assess information losses and focus response actions appropriately. Malware Type Recognition (MaTR) is a research initiative extending detection technologies to provide the additional context of malware types using only static heuristics. Test results with MaTR demonstrate over a 99% accurate detection rate and 59% …

Developing Cyberspace Data Understanding Using Crisp-Dm For Host-Based Ids Feature Mining, Joseph R. Erskine, Gilbert L. Peterson, Barry E. Mullins, Michael R. Grimaila Apr 2010
Current intrusion detection systems (IDS) generate a large number of specific alerts, but typically do not provide actionable information. Compounding this problem is the fact that many alerts are false positive alerts. This paper applies the Cross Industry Standard Process for Data Mining (CRISP-DM) to develop an understanding of a host environment under attack. Data is generated by launching scans and exploits at a machine outfitted with a set of host-based forensic data collectors. Through knowledge discovery, features are selected to project human understanding of the attack process into the IDS model. By discovering relationships between the data collected and …