Software Engineering Institute | Carnegie Mellon University

Creating & Sharing Value with Network Activity & Threat Correlation

  • January 2018
  • By Dr. Jamison Day (Looking Glass)
  • In this presentation, the author examines the key impediments to effective information sharing and explores how network activity and threat correlation can alter cyber economics to diminish threat actor return on investment.
  • Network Situational Awareness
  • Publisher: LookingGlass
  • Abstract

    Cyber threat management within an organization should include an automated cycle that leverages timely threat intelligence with both automated netflow correlation and packet-based signature detection. Automated netflow inspection can recognize interactions with resources that threat intelligence reports as malicious, alerting analysts as appropriate. Automated signature detection in network packet analysis should identify any new resources participating in malicious activity and inform netflow inspection. Automated techniques for spotting both known malicious behaviors and unknown anomalous patterns should alert analysts to investigate the identified activity. As new behavior patterns, signatures, and participating resources are discovered, these generate feedback into automated detection models.

Part of a Collection

FloCon 2018 Presentations