Role Model Transformations for Flow Analysis in Cyberdefense
January 2016 • Presentation
In this presentation, the author shows mathematical operations that can be used to transform between and organize flow data for different role models.
In cyberdefense tasks, analysts are often more interested in thinking about flows in orientations other than source and destination. For example, rather than thinking in terms of source and destination addresses, they may want to quickly filter all the traffic for a defended "local" address or pivot on a "remote" address to look at its other conversations with the enterprise. In another situation, given a conversation or set of conversations, it may be important to know the producer/consumer relationship between addresses or the size of the net import/export of data. Indeed, an analyst may well want to use multiple orientations simultaneously. In this presentation, which builds on last year's presentation on locality, we show mathematical operations that can be used to transform between and organize flow data for different role models, as well as the operations used to extract and transform relevant metrics.
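To make the role models concrete, here is an added example (not taken from the presentation) that re-orients unidirectional source/destination flow records into local/remote conversations and derives net export and a producer for each. The defended range `LOCAL_NETS`, the `(sip, dip, bytes)` record layout, the sample flows, and the rule that the producer is the side sending more bytes are all assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

# Assumed defended address space (RFC 5737 documentation range).
LOCAL_NETS = [ipaddress.ip_network("192.0.2.0/24")]

# Constructed unidirectional flow records: (sip, dip, bytes).
FLOWS = [
    ("192.0.2.10", "198.51.100.7", 1_200),
    ("198.51.100.7", "192.0.2.10", 48_000),
    ("192.0.2.22", "203.0.113.5", 900_000),
    ("203.0.113.5", "192.0.2.22", 15_000),
    ("192.0.2.10", "192.0.2.22", 500),      # both ends local
    ("198.51.100.7", "203.0.113.5", 700),   # neither end local (transit)
]

def is_local(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in LOCAL_NETS)

def orient(sip, dip, nbytes):
    """Map a (source, destination) flow to (local, remote, direction, bytes)."""
    s_local, d_local = is_local(sip), is_local(dip)
    if s_local and not d_local:
        return sip, dip, "out", nbytes
    if d_local and not s_local:
        return dip, sip, "in", nbytes
    return None  # internal or transit: local/remote roles are undefined

def conversations(flows):
    """Aggregate oriented flows per (local, remote) pair with net export."""
    totals = defaultdict(lambda: {"out": 0, "in": 0})
    skipped = []
    for sip, dip, nbytes in flows:
        oriented = orient(sip, dip, nbytes)
        if oriented is None:
            skipped.append((sip, dip, nbytes))
            continue
        local, remote, direction, n = oriented
        totals[(local, remote)][direction] += n
    result = {}
    for (local, remote), t in totals.items():
        net = t["out"] - t["in"]  # positive: local address is a net exporter
        producer = local if net > 0 else remote if net < 0 else None
        result[(local, remote)] = {**t, "net_export": net, "producer": producer}
    return result, skipped
```

Flows with both or neither endpoint in the defended range are returned separately in `skipped` instead of being forced into a local/remote role.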