Principal Investigators: Peter A Jarvis, Karen Myers
AIC Program: Representation and Reasoning
Identifying attacker intent lets us both prioritize the clusters and explain them when presenting them to a human intelligence analyst. The approach handles alert clusters of up to 20 events and readily distinguishes causally incoherent clusters of false alerts from real alarms. Beyond 20 events it becomes computationally intractable, since its complexity is O(2^n) in the number n of events in a cluster. Our experiments also show that the approach fails when benign background activity is as coherent as, or more coherent than, the attack activity.
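The following is an added illustration, not the project's own algorithm or data: a toy model in which each alert type has hypothetical preconditions and effects, a cluster is "causally coherent" when its events can be ordered so every precondition is produced by an earlier effect, and the intent hypothesis is the largest coherent subset found by brute-force enumeration. The alert names, the event model and the largest-coherent-subset criterion are all assumptions chosen to reproduce the three behaviours reported above: a coherent attack cluster scores above a causally incoherent false-alert cluster, the number of subsets examined grows as 2^n, and a benign background activity that is itself coherent (a backup job) scores exactly like the attack.

```python
from itertools import combinations

# Constructed toy event model, an assumption for illustration and not the project's
# model: each alert type maps to (preconditions it needs, effects it produces).
EVENT_MODEL = {
    "port_scan":  (set(),           {"host_known"}),
    "exploit":    ({"host_known"},  {"shell"}),
    "priv_esc":   ({"shell"},       {"root"}),
    "exfil":      ({"root"},        {"data_out"}),
    "login":      (set(),           {"session"}),
    "read_files": ({"session"},     {"files_read"}),
    "upload":     ({"files_read"},  {"data_out"}),
}


def is_causally_coherent(events):
    """An event set is coherent if it can be ordered so that every event's
    preconditions are produced by the effects of events placed before it.
    Effects only accumulate, so a greedy 'run anything that is ready' loop
    finds such an ordering whenever one exists."""
    remaining = list(events)
    state = set()
    while remaining:
        ready = [e for e in remaining if EVENT_MODEL[e][0] <= state]
        if not ready:
            return False  # some event needs a cause the set does not contain
        event = ready[0]
        remaining.remove(event)
        state |= EVENT_MODEL[event][1]
    return True


def explain_cluster(cluster):
    """Brute-force intent hypothesis: the largest causally coherent subset of the
    cluster is the explanation, and whatever is left over is treated as noise.
    Every subset is examined, which is exactly what makes the cost O(2^n)."""
    best = ()
    checked = 0
    for k in range(len(cluster) + 1):
        for subset in combinations(cluster, k):
            checked += 1
            if is_causally_coherent(subset) and len(subset) > len(best):
                best = subset
    score = len(best) / len(cluster) if cluster else 0.0
    return {"explanation": best, "score": score, "subsets_checked": checked}


# Constructed sample clusters (not real alert data).
ATTACK_CLUSTER = ["port_scan", "exploit", "priv_esc", "exfil"]
FALSE_ALERT_CLUSTER = ["exfil", "priv_esc", "upload"]  # effects with no causes
BENIGN_CLUSTER = ["login", "read_files", "upload"]     # backup job, fully coherent

if __name__ == "__main__":
    for name, cluster in [("attack", ATTACK_CLUSTER),
                          ("false alerts", FALSE_ALERT_CLUSTER),
                          ("benign", BENIGN_CLUSTER)]:
        r = explain_cluster(cluster)
        print(f"{name:12s} score={r['score']:.2f} "
              f"explanation={r['explanation']} subsets={r['subsets_checked']}")
```

The attack cluster is explained in full (score 1.0) after 16 subset checks, the false-alert cluster has no coherent non-empty subset (score 0.0), and the benign backup cluster also scores 1.0, which is the failure mode the paragraph describes: coherence alone cannot separate it from the attack. Doubling the cluster size doubles the subset count at every step, so a 20-event cluster already costs about a million coherence checks with this enumeration.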
This project is a collaboration between the AIC and Teresa Lunt at PARC. Please see the project presentation for more information.