Learn More
Enterprise computer networks are filled with users performing a variety of tasks, ranging from business-critical tasks to personal interest browsing. Due to this multi-modal distribution of behaviors, it is non-trivial to automatically discern which behaviors are business-relevant and which are not. Additionally, it is difficult to infer communities of(More)
We present a methodology for promoting situational awareness of an enterprise network using only network artifacts discernible from network protocol logs. We utilized latent Dirichlet allocation (LDA) over two corpora, the first composed of search queries and the second composed of external domain names issued by enterprise users through the network proxy(More)
We present the GOSMR architecture, a modular agent architecture designed to actuate web browsers and other network applications, and demonstrate the importance of modeling how users think about the past and future in accurately modeling network traffic. The architecture separates the hierarchical generation of goals and incentives (Behaviors) from(More)
We present a method for detecting when a user’s remote access account has been compromised in such a way that an attacker model can be learned during operations. A Naive Bayes model is built for each user that stores the likelihood for each remote session based on a variety of features available in the access logs. During operation, we leverage Expectation(More)
Moving target (MT) technologies seek to protect cyber systems by making them less homogenous, less static, and less deterministic in order to increase the complexity required for a successful cyber attack. While such technologies provide a promising avenue for defense, they are often associated with significant performance costs. Therefore, it is necessary(More)
We demonstrate that psychological models of utility discounting can explain the pattern of increased hits to weather websites in the days preceding a predicted weather disaster. We parsed the HTTP request lines issued by the web proxy for a mid-sized enterprise leading up to a hurricane, filtering for visits to weather-oriented websites. We fit four(More)
  • 1