AttackTagger: Early threat Detection for Scientific Cyberinfrastructure

Cyber infrastructure that supports advanced research computing faces many challenges in defending against cyber attacks. Modest to medium research project teams have too few resources and cyber security expertise to defend against attacks and larger facilities that have security expertise are often overwhelmed with the amount of security log data they need to analyze in order to identify attacks. The AttackTagger project is designed to scale to be able to address the dramatic increase in security log data and detect emerging threat patterns. AttackTagger is a sophisticated log analysis tool designed to detect suspicious and malicious activity, such as credential theft, by building factor graph models for advanced pattern matching.