Adaptive data collection and retention planning to support cyber analytics (Conference Presentation)

Georgiy M. Levchuk

doi:10.1117/12.2519104

14 May 2019 Adaptive data collection and retention planning to support cyber analytics (Conference Presentation)

Georgiy M. Levchuk

Proceedings Volume 11013, Disruptive Technologies in Information Sciences II; 1101304 (2019) https://doi.org/10.1117/12.2519104
Event: SPIE Defense + Commercial Sensing, 2019, Baltimore, MD, United States

Abstract

The amount of network traffic and host log data collected by the commercial and government organizations to maintain their security is growing every day due to proliferation of cyber sensors and security appliances. However, these huge amounts of data can no longer be stored efficiently or processed in real time. Security analysts need to make decisions about what data is most effective for current and novel attack detection, what data may be relevant to analyze in forensic mode, and what data can be aggregated and discarded without significant degradation to the enterprise security. Making these decisions manually, and reasoning about both utility of attack detection and the cost of data management, is infeasible. In this paper, we will present a model for developing a plan for data collection and archiving that adapts the sensor and storage state configuration to the analytical systems available in the organization, threats detected by those systems over time, and capacity and cost of collection and storage resources. Our planning model computes the sensor state and data archiving actions via approximate variational inference, decomposing the planning problem into perception, learning, and control, which enables tractable plan construction and incremental updates.

Conference Presentation

Citation Download Citation

Georgiy M. Levchuk "Adaptive data collection and retention planning to support cyber analytics (Conference Presentation)", Proc. SPIE 11013, Disruptive Technologies in Information Sciences II, 1101304 (14 May 2019); https://doi.org/10.1117/12.2519104

ACCESS THE FULL ARTICLE

INSTITUTIONAL
Select your institution to access the SPIE Digital Library.

SELECT YOUR INSTITUTION

PERSONAL
Sign in with your SPIE account to access your personal subscriptions or to use specific features such as save to my library, sign up for alerts, save searches, etc.

PERSONAL SIGN IN

No SPIE Account? Create one

PURCHASE THIS CONTENT

SUBSCRIBE TO DIGITAL LIBRARY

50 downloads per 1-year subscription

Members: $195

Non-members: $335 ADD TO CART

25 downloads per 1 - year subscription

Members: $145

Non-members: $250 ADD TO CART

PURCHASE SINGLE ARTICLE

Includes PDF, HTML & Video, when available

Members: $17.00

Non-members: $21.00 ADD TO CART

PROCEEDINGS
PRESENTATION

WATCH
PRESENTATION SAVE TO MY LIBRARY

GET CITATION

KEYWORDS

Analytics

Computer security

Data modeling

Network security

Sensors

Data archive systems

Systems modeling

Show All Keywords

RELATED CONTENT

A smart contracts-based searchable encryption scheme with forward privacy
Proceedings of SPIE (December 28 2022)

On resilience studies of system detection and recovery techniques against...
Proceedings of SPIE (May 17 2016)

Apply analytical grid processing to sensor data collections
Proceedings of SPIE (May 01 2017)

IOT honeynet for military deception and indications and warnings
Proceedings of SPIE (May 03 2018)

Intrusion Detector using Hidden Markov Model against Denial of Service...
Proceedings of SPIE (August 08 2003)

Security framework for networked storage system based on artificial immune...
Proceedings of SPIE (November 14 2007)

Research on immune storage anomaly detection via user access behavior
Proceedings of SPIE (March 19 2009)

Subscribe to Digital Library

Receive Erratum Email Alert

Show All Keywords

Keywords/Phrases

Search In:

Publication Years