A Coordinated Approach to Cyber-Situation Awareness Based on Traffic Anomaly Detection

Funding Agency: Army Research Office (ARO), Computing and Information Sciences.

Award Number: W911NF-11-1-0227.

Principal Investigators: Yannis Paschalidis, Christos Cassandras, and Mark Crovella at Boston University, and Paul Barford at the Univ. of Wisconsin-Madison.

Project Summary

This project aims to develop a suite of anomaly detection algorithms and tools that monitor network traffic and operate at both the local (resource) level and the wider (global) network level. It will leverage recent work by the PIs on statistical temporal anomaly detection using random and Markovian models, and on detecting wider network spatial anomalies based on Markovian and deterministic data-analysis approaches. Inputs from the anomaly detectors, together with additional features, will be processed by a clustering/pattern recognition approach to identify and classify specific cyber attack scenarios, which can help in counteracting them.