Software Engineering Institute | Carnegie Mellon University


Role Model Transformations for Flow Analysis in Cyberdefense

  • Abstract

    In cyberdefense tasks, analysts are often more interested in orientations for flows other than source and destination. For example, rather than thinking in terms of source and destination addresses, they may want to quickly filter all the traffic for a defended "local" address, or pivot on a "remote" address to look at its other conversations with the enterprise. In another situation, given a conversation or set of conversations, it may be important to know the producer/consumer relationship between addresses or the size of the net import/export of data. Indeed, an analyst may well want to use multiple orientations simultaneously. In this presentation, which builds on last year's presentation on locality, we show mathematical operations that can be used to transform flow data between different role models and to organize it under them, as well as the operations used to extract and transform relevant metrics.

Part of a Collection

FloCon 2016 Presentations