Moving Big-Data Analysis from a ‘Forensic Sport’ to a ‘Contact Sport’ Using Machine Learning and Thought Diversity
ABSTRACT
Data characterization, trending, correlation, and sense making are almost always performed after the data is collected. As a result, big-data analysis is an inherently forensic (after-the-fact) process. In order for network defenders to be more effective in the big-data collection, analysis, and intelligence reporting mission space, first-order analysis (initial characterization and correlation) must be a contact sport—that is, it must happen at the point and time of contact with the data—on the sensor. This paper uses actionable examples (1) to advocate for running Machine-Learning (ML) algorithms on the sensor, since doing so yields more timely, more accurate (fewer false positives), automated, scalable, and usable analyses; and (2) to discuss why establishing thought-diverse analytic teams (a variety of opinions, perspectives, and positions) to perform and produce analysis will not only result in more effective collection, analysis, and sense making, but also increase network defenders' ability to counter and/or neuter adversaries' efforts to deny, degrade, and destabilize U.S. networks.
AUTHORS
Information Assurance Directorate, National Security Agency
Dr. Aaron J. Ferguson is currently serving as the Deputy Technical Director (TD) of the Fusion, Analysis, and Mitigations (FAM) Deputy Directorate at the NSA. As TD, he is responsible for providing technical leadership to the FAM leadership team, personnel, and missions, including analytics, systems and technology analysis, and operational analysis and mitigations. Dr. Ferguson holds a B.S. in Electrical Engineering from Howard University, an M.S. in Operations Research from the University of New Haven, and an M.A. and Ph.D. in Applied Mathematics and Statistics from the University of Delaware. His personal expertise areas include machine learning, software engineering, systems engineering, and risk assessments.
Information Assurance Directorate, National Security Agency
Natalie M. Evans Harris is a cybersecurity leader at the NSA, with over 14 years' experience in the public sector. Currently, she is forward deployed to Capitol Hill as a Brookings Fellow, responsible for Senator Cory Booker's Cyber and Technology Innovation initiatives. Prior to this deployment, she led a tradecraft development organization responsible for creating big-data analytics. During her tenure with the NSA, she has been responsible for developing and deploying cyber-defensive solutions to warfighters and for coordinating support between the NSA and the Department of Homeland Security. In addition to her work with the NSA, Ms. Evans Harris is an adjunct professor at the University of Maryland University College, where she develops and teaches information systems security courses. She holds a Master's in Public Administration from George Washington University and two Bachelor of Science degrees, in Computer Science and Sociology, from the University of Maryland Eastern Shore.
Published In
Journal of Information Warfare