Cyber threat hunting is defined in current standards as a proactive search capability in organizational systems to search, detect, track, identify, and disrupt advanced persistent cyber threats. The Cyberspace Threat Discovery Module (CTDM) is an integrated approach that addresses the various functions which need to be integrated into a complete real-time analysis process.
A Combatant ship's Navigation enclave supports many critical ship missions, from navigation and maneuver in restricted, shallow, hazardous, or congested waterspace to support for weapons engagements. For Air warfare, precisely timed and highly accurate initialization of SM-x is critical for successful guidance. For Land and Surface warfare, transfer alignment of ship's aircraft and cruise missiles is critical. For Space, it must provide very exacting stabilization parameters for radar beam pointing with little to no noise anomalies.
CTDM is innovative in several ways:

· Newly invented Data Fusion (DF) Artificial Intelligence (AI) algorithms infer attack behavior from observations and features of own-force assets. This way, when a zero-day (never seen before) attack occurs, the DF algorithms will still detect the effects even though the cause is initially unknown. Typical cyber threat detection products have signature-based threat detection. Catching threats by signatures is like trying to catch burglars by fingerprinting every surface of a city.

· The DF can produce multiple hypotheses yet keep the operator's decision space tractable, because each hypothesis has a mathematically rigorous likelihood ratio that can be used to filter, screen, threshold, and prioritize the cyberspace situational display.

· The DF algorithms are informed by a formal ontology populated with authoritative cyberspace knowledge such as CAPEC™ and ATT&CK®.

· Novel adaptation of the patented IBSM Level 4 data fusion algorithm to optimize the cyberspace expected information value rate.
Never before have sophisticated Level 0-4 DF and an ontology been applied to a real-time shipboard Industrial Control System (ICS) environment. CTDM also integrates a widely used Commercial Off The Shelf (COTS) cyber product (Elastic) with state-of-the-art scientific DF algorithms.