
Situ: Real-time Situational Understanding and Discovery of Cyber Attacks

Rapidly discovering novel and sophisticated cyber attacks and providing situation awareness to analysts are unsolved problems in cyber security. Researchers at ORNL have developed the Situ software platform for cyber attack discovery and situational understanding, which focuses on probabilistic anomaly detection and streaming visualization. Situ scores each event in real time by how typical it is relative to the behavior observed so far, so analysts can rank and inspect the least typical events first.

The anomaly detection approach is based on unsupervised, probabilistic modeling of the data at multiple scales. The system was designed to address several challenges, including (1) scaling to very high-volume, heterogeneous, streaming data and (2) minimizing the time from observation to discovery to understanding. The technology includes a real-time framework for pushing scored events into a web-based visualization. The software is written in Node.js, JavaScript, and HTML. No special hardware is required.
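The summary above does not publish Situ's model, only that it scores streaming events by how typical they are using unsupervised probabilistic modeling at multiple scales. The following is an added illustration of that idea, not Situ's own code: each event is scored in bits of surprise (negative log probability) at two scales, a global distribution over each field and a distribution conditioned on the source host, and the model is updated only after scoring so an event cannot make itself look typical. The event fields, the additive-smoothing scheme, the choice of two scales and the sample event stream are all assumptions made for this example.

```javascript
// Added example (not Situ's code): streaming, unsupervised probabilistic
// anomaly scoring at two scales. Fields, smoothing and sample data are assumed.

// Incrementally counted categorical distribution with additive smoothing.
class CategoricalModel {
  constructor(alpha = 1) {
    this.alpha = alpha;       // pseudo-count granted to every value, seen or not
    this.counts = new Map();
    this.total = 0;
  }
  // K = distinct values seen so far + one "unseen" bucket, so probability()
  // is never zero and a never-seen value costs alpha / (total + alpha * K).
  probability(value) {
    const k = this.counts.size + 1;
    const c = this.counts.get(value) || 0;
    return (c + this.alpha) / (this.total + this.alpha * k);
  }
  update(value) {
    this.counts.set(value, (this.counts.get(value) || 0) + 1);
    this.total += 1;
  }
}

// Surprise in bits: a value with probability p costs -log2(p).
const bits = (p) => -Math.log2(p);

function newModels(fields) {
  return new Map(fields.map((f) => [f, new CategoricalModel()]));
}

// Scores every event globally and conditioned on its source host (hostKey).
class StreamScorer {
  constructor({ globalFields, hostFields, hostKey }) {
    this.globalFields = globalFields;
    this.hostFields = hostFields;
    this.hostKey = hostKey;
    this.global = newModels(globalFields);
    this.perHost = new Map();            // host -> models for hostFields
  }
  hostModels(host) {
    if (!this.perHost.has(host)) this.perHost.set(host, newModels(this.hostFields));
    return this.perHost.get(host);
  }
  // Score first, then learn. Returns the total and a per-field breakdown so an
  // analyst can see which field at which scale drove the score.
  observe(event) {
    const host = this.hostModels(event[this.hostKey]);
    const detail = {};
    let total = 0;
    for (const f of this.globalFields) {
      const s = bits(this.global.get(f).probability(event[f]));
      detail[`global.${f}`] = s;
      total += s;
    }
    for (const f of this.hostFields) {
      const s = bits(host.get(f).probability(event[f]));
      detail[`host.${f}`] = s;
      total += s;
    }
    for (const f of this.globalFields) this.global.get(f).update(event[f]);
    for (const f of this.hostFields) host.get(f).update(event[f]);
    return { bits: total, detail };
  }
}

// Constructed sample stream (not real telemetry): ten baseline connections,
// then one typical event followed by three increasingly atypical ones.
const baseline = [
  ...Array(5).fill({ src: '10.0.0.5', user: 'alice', dst_port: 443 }),
  ...Array(5).fill({ src: '10.0.0.6', user: 'bob', dst_port: 443 }),
];
const probes = [
  { src: '10.0.0.5', user: 'alice', dst_port: 443 },  // typical for this host
  { src: '10.0.0.5', user: 'bob', dst_port: 443 },    // bob is common globally, never seen on 10.0.0.5
  { src: '10.0.0.5', user: 'alice', dst_port: 3389 }, // port unseen at both scales
  { src: '10.0.0.9', user: 'svc', dst_port: 22 },     // host, user and port all new
];

function runDemo() {
  const scorer = new StreamScorer({
    globalFields: ['src', 'user', 'dst_port'],
    hostFields: ['user', 'dst_port'],
    hostKey: 'src',
  });
  return [...baseline, ...probes].map((e) => scorer.observe(e));
}

for (const [i, s] of runDemo().slice(-4).entries()) {
  console.log(JSON.stringify(probes[i]), s.bits.toFixed(2), 'bits', s.detail);
}
```

The multi-scale breakdown is what turns a score into situational understanding: the second probe is unremarkable globally (bob is half of all users seen) but costs three bits at the host scale because bob has never appeared on 10.0.0.5, whereas the final probe is charged entirely at the global scale because a brand-new host has no per-host history yet. A production scorer would add time-decayed counts and a per-scale weighting, both of which this example omits.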

Computational Sciences and Engineering Division
Oak Ridge National Laboratory
Phone: (865) 241-3808