A Study of Gaps in Network Knowledge Synthesis

Abstract : Network knowledge synthesis (NKS) refers to effective use of network defense information for cyber assessment and management. The vision of NKS is to achieve better informed situational awareness leading to superior cyber defense. Five major components are necessary to achieve this vision: sensor placement, data collection, data filtering, data analysis and sense making, and information sharing. By reviewing the state of the art for each of these components, we identify high-priority, short-term research objectives for NKS components, which include collection of small, indicative, and symptomatic network data; connecting identities at multiple layers; ensuring the authenticity of collected data; identifying the ideal semantic layer for each type of data; developing scalable and decentralized filters; developing fast analysis algorithms that can operate in a malicious environment; testing such algorithms in real-world networks; and sharing properly anonymized network knowledge rather than raw data. These efforts will constitute the basic blocks of an effective NKS system.