Cyber Security and Information Systems Information Analysis Center
The mature signature-based intrusion detection technology has been the first line of defense in the cyberspace. However, due to the perpetual cat-and-mouse game and asymmetry natures of cybersecurity, high-risk assets susceptible to advanced persistent threats need to be equipped with proactive defense mechanisms, beyond the conventional reactive Read More
The ability for commanders to know and understand an organizational attack surface, its vulnerabilities, and associated risks is a fundamental aspect of command decision-making. In the cyberspace domain, ongoing monitoring sufficient to ensure and assure effectiveness of security controls related to systems, networks, and cyberspace, by assessing security Read More
Cyber Physical Systems (CPSs) are electronic control systems that control physical machines such as motors and valves in an industrial plant. In a networked environment, the security of the physical machines depends on the security of the electronic control systems, but cybersecurity is not typically the main design concern. The main concern for CPSs is the Read More
Abstract Modern day detection of cyber threats is a highly manual process where teams of human analysts flag suspicious events while using assistive tools such as Bro and Snort. It is the analysts’ ability to discern suspicious activity and authority to make decisions on threats that place humans into central roles in the threat detection process. However, o Read More
Machine learning for network intrusion detection is an area of ongoing and active research (see references in [1] for a representative selection), however nearly all results in this area are empirical in nature, and despite the significant amount of work that has been performed in this area, very few such systems have received nearly the widespread support Read More
Abstract: For military networks and systems, the cyber domain is ever-increasingly contested and congested space. Defenders of these systems must fight through adversary action in complex tactical and strategic environments. Just now completing its third year, the Cyber-Security Collaborative Research Alliance has sought to develop approaches for Read More
The U.S. Army Research Laboratory (ARL) received the first salvos in the battle for cybersecurity as early as three decades ago. In terms of technology history, it was an astonishingly long time ago. Before most people ever heard of the Internet. Before there were web browsers. Long before the smartphones. Back in 1986, the laboratory withstood attacks by Read More
The Department of Defense currently depends upon static cyber defense systems. Adversaries can plan their attacks carefully over time by relying on the static nature of our networks, and launch their attacks at the times and places of their choosing. The DoD needs new tools and technologies to reverse the current asymmetry that favors our cyber adversaries, Read More
Configuration is the glue for logically integrating network components to satisfy end-to-end requirements on security and functionality. Every component has a finite number of configuration variables that are set to definite values. It is well-documented that configuration errors are responsible for 50%-80% of network vulnerabilities and downtime and it can Read More
The U.S. government's intrusion detection and prevention program known as Einstein has limited ability to detect breaches of federal information systems, according to a new Government Accountability Office report. Read More
