2024-10-23 パシフィック・ノースウェスト国立研究所(PNNL)
<関連情報>
- https://www.pnnl.gov/news-media/researchers-eye-topological-signatures-cyber-threats
- https://www.govinfo.gov/app/details/GPO-TNW-25-1-2024/GPO-TNW-25-1-2024-2
フラットランドからの一歩: サイバー・ハイパーグラフにおけるトポロジカル構造としての行動パターンの発見
Stepping Out of Flatland: Discovering Behavior Patterns as Topological Structures in Cyber Hypergraph
Helen Jenne, Sinan G. Aksoy, Daniel M. Best, Alyson Bittner, Gregory Henselman-petrusek, Cliff Joslyn, Bill Kay, Audun Myers, Garret Seppala, Jackson Warley, Stephen J. Young, Emilie Purvine
The Next Wave Date Issued:April 9, 2024
Data breaches and ransomware attacks occur so often that they have become part of our daily news cycle. Last year, 1,802 data compromises affected 422 million people [1]. In a 2022 op-ed co-written by the Cybersecurity and Infrastructure Security Agency Director and National Cyber Director, they described the omnipresent threat of cyberattacks as “the new normal,” writing that in the modern landscape of complex cyber threats, “our shields will likely be up for the foreseeable future” [2]. This is due to a myriad of factors, including the increasing number of Internet-of-Things devices, shift to remote work during the pandemic, and advancement in adversarial techniques—all of which contribute to the increase in both the complexity of data captured and the challenge of protecting our networks. At the same time, cyber research has made strides, leveraging advances in machine learning and natural language processing to focus on identifying sophisticated attacks that are known to evade conventional measures. While successful, the shortcomings of these methods, particularly the lack of interpretability, are inherent and difficult to overcome. Consequently, there is an ever-increasing need to develop new tools for analyzing cyber data to enable more effective attack detection. In this article, we present a novel framework based in the theory of hypergraphs and topology to understand data from cyber networks through topological signatures, which are both flexible and can be traced back to the log data. While our approach’s mathematical grounding requires some technical development, this pays off in interpretability, which we will demonstrate with concrete examples in a large-scale cyber network dataset. These examples are an introduction to the broader possibilities that lie ahead; our goal is to demonstrate the value of applying methods from the burgeoning fields of hypernetwork science and applied topology to understand relationships among behaviors in cyber data.
