Cyber Incident Response Aided by Neural Networks and Visual Analytics

The world security context is changing more than ever. Military interest has shifted from the conventional means of warfare to that of cyber warfare. The most potent nations have entire armies that are watching the international cyberspace for anomalies. And these forces are ready to intervene for keeping peace at home or for an enemy nation. The international interest in exploit development has risen significantly. And has gone from an underground activity of a group of hackers to a semi-covert operation of a governmental agency [1]. In this context, where over 70 exabytes of data are moved over the internet, per month [2], and the level of significant cyber-attacks is almost 43 million per year [3] the sheer number of security events a SIEM operator has to triage can be impressive and overwhelming. This is why a human operator has to be helped by technology. This is where neural networks can bring a huge plus for detecting previously unknown attacks and zero-day exploits. And visual analytics to help a human being understand and process the huge volume of information coming to him, by presenting it in a cognitive fashion that helps him better understand and classify it in the correct context. Both of the concepts evoked are presented in this paper, the detection algorithm based on neural networks and the scientific representation scheme based on visual analytics.