UNCOVER: Understanding Network data for COnquest against adVERsaries

Network data (e.g., high-level summary data, flow-level data, packet-level data) can be collected by communicating hosts, switching devices, and stand-alone measurement devices that tap transmission links. This data can be used to identify communicating entities, the types of data being exchanged, intrusions, configuration errors, etc. This project will uncover new network data analytics and provide both human and machine interfaces to those analytics. The human interface will be through visualizations and alerts that the project will define. The machine interface will be through a software-defined network analytics architecture that we will define.

The project objectives are:

1. Uncover multi-level techniques that identify a variety of network events in real time (e.g., intrusions, configuration errors)

2. Define real-time multi-level network data visualizations that empower rapid exploratory network data analysis [human interface]

3. Define a software-defined network analytics architecture [machine interface]

The data analytics and visualizations developed for this project will follow a multi-level approach, both in the measurement data utilized (e.g., packet vs. flow) and in how the data is presented to the user.