Situational Awareness Analysis Tools for Aiding Discovery of Security Events and Patterns

2005 
Abstract: The goal of the effort was to develop a comprehensive situational awareness analysis tool for discovery of intrusive behavior in information infrastructures and understanding anomalous network traffic. The University of Minnesota team has developed a comprehensive, multi-stage analysis framework that provides tools and analysis methodologies to aid cyber security analysts in improving the quality and productivity of their analyses. It consists of several components: various Level-I sensors and analysis modules for detecting suspicious or anomalous events and activities, whose outputs are then fed into a multi-step Level-II analysis system, the core of the analysis framework, which correlates and fuses Level-I sensor data and alerts, extracts likely attack contexts, and produces sequences of attack events to build a plausible attack scenario.