Cyber threat hunting is defined in current standards as a proactive search capability in organizational systems to search, detect, track, identify, and disrupt advanced persistent cyber threats. The Cyberspace Threat Discovery Module (CTDM) is an integrated approach that brings the functions required for this together into a single, complete real-time analysis process.
A Combatant ship's Navigation enclave supports many critical ship missions, from navigation and maneuver in restricted, shallow, hazardous, or congested waterspace to support for weapons engagements. For Air warfare, precisely timed and highly accurate initialization of SM-x is critical for successful guidance. For Land and Surface warfare, transfer alignment of the ship's aircraft and cruise missiles is critical. For Space, it must provide very exacting stabilization parameters for radar beam pointing with little to no noise anomalies.
CTDM is innovative in several ways:
· Newly invented Data Fusion (DF) Artificial Intelligence (AI) algorithms infer attack behavior from observations and features of own-force assets. This way, when a zero-day (never seen before) attack occurs, the DF algorithms still detect the effects even though the cause is initially unknown. Typical cyber threat detection products rely on signature-based threat detection; catching threats by signatures is like trying to catch burglars by fingerprinting every surface of a city.
· The DF can produce multiple hypotheses yet keep the operator's decision space tractable, because each hypothesis carries a mathematically rigorous likelihood ratio that can be used to filter, screen, threshold, and prioritize the cyberspace situational display.
· The DF algorithms are informed by a formal ontology populated with authoritative cyberspace knowledge such as CAPEC™ and ATT&CK®.
· Novel adaptation of the patented IBSM Level 4 data fusion algorithm to optimize the cyberspace expected information value rate.
Sophisticated Level 0-4 DF and an ontology have never before been applied to a real-time shipboard Industrial Control System (ICS) environment. CTDM also integrates a widely used Commercial Off The Shelf (COTS) cyber product (Elastic) with state-of-the-art scientific DF algorithms.