

Real-Time Network Situation Understanding

Computer network defense

In cyber operations, understanding the network must encompass address spaces, topologies, hardware and software, defensive systems, and the data streams traversing the network. Network complexity, dynamics, and opacity make this an extremely challenging problem.

BAE Systems addresses this problem with products that enable real-time network understanding. These products use sensors and stochastic methods to gain awareness and construct network models. This real-time capability is essential to overcoming the uncertainty inherent in modeling dynamic systems. Products in this suite include:

BINSEER

This stochastic classifier identifies hardware and software components based on a stream of packets. It uses supervised training and advanced decision processes to produce probabilistic classifications under uncertain conditions. BinSeer’s built-in anomaly detection enables it to classify systems as unknown, rather than forcing them into the nearest category, no matter how poor the fit.

NETSEER

This network intelligence, surveillance, and reconnaissance agent incorporates BinSeer as a sensor. It observes network traffic, using BinSeer to identify specific network hardware and software components and to populate a network model. Like BinSeer, the NetSeer models are stochastic, expressing all facts as probabilities. A truth maintenance system embedded in NetSeer can perform inferences against the network model, allowing NetSeer to enhance the model by identifying network structures, such as the locations of servers, routers, or switches, or by recognizing events of interest, such as a new machine appearing on the network. NetSeer can be integrated with actuators that can perform specific functions on the host or network. Coupled to a goal-seeking module, these actuators enable NetSeer to invoke actions based on their expected utility.

These capabilities provide the foundation for next-generation cyber defense and advanced computer network operations. Network understanding is essential for ensuring U.S. civilian and military cybersecurity.

