Numerica is developing a mathematical and computational framework for detecting and classifying weak, distributed anomalous behavior in computer networks – anomalies that aren’t discernible at the level of an individual node. Computer nodes, such as terminals, routers, and servers, provide measurements of packet rates, user activity, CPU usage, etc. Viewed independently, these measurements rarely reveal underlying patterns with any certainty. Our approach fuses individual node measurements with data from across the network and across time to reveal relevant patterns.
Consider, for example, a sequence of events that individually appear innocuous (e.g. a mistyped password, a connection to an unknown internet node, or a file being downloaded), but, when viewed together, indicate the theft of critical information. Of course, such sequences of events are easy to detect if they occur on one machine in a short period of time, but detecting such patterns when each individual event occurs at diverse times on different parts of a network is substantially more challenging.
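The following Python sketch is an added illustration of that cross-node, cross-time fusion and is not Numerica's code: it groups constructed event records by user, orders them in time, and reports the chain failed login → unknown connection → file download whenever its steps fall inside a time window, even though each step was recorded on a different host. Every host name, user, timestamp and event label is constructed for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events: (timestamp, host, user, event). No single host
# records more than one step of the chain, so a per-node rule sees nothing.
SAMPLE_EVENTS = [
    ("2024-03-01T08:02:00", "ws-17", "alice", "failed_login"),
    ("2024-03-01T09:15:00", "ws-17", "alice", "login"),
    ("2024-03-01T11:40:00", "gw-2",  "alice", "unknown_connection"),
    ("2024-03-01T13:05:00", "fs-1",  "alice", "file_download"),
    ("2024-03-01T08:30:00", "ws-03", "bob",   "failed_login"),
    ("2024-03-03T16:00:00", "fs-1",  "bob",   "file_download"),
    ("2024-03-01T10:00:00", "ws-09", "carol", "unknown_connection"),
]

# The chain of individually innocuous events, in the order it must occur.
PATTERN = ("failed_login", "unknown_connection", "file_download")


def max_steps_on_one_host(events, pattern=PATTERN):
    """Distinct pattern steps seen by the busiest single host: the view a
    purely node-local detector is limited to."""
    seen = defaultdict(set)
    for _, host, _, ev in events:
        if ev in pattern:
            seen[host].add(ev)
    return max(len(s) for s in seen.values())


def find_chains(events, pattern=PATTERN, window=timedelta(hours=24)):
    """Fuse events across hosts: group by user, order by time, and report each
    ordered occurrence of `pattern` whose steps all fall within `window` of
    the first step, together with the hosts that contributed them."""
    by_user = defaultdict(list)
    for ts, host, user, ev in events:
        by_user[user].append((datetime.fromisoformat(ts), host, ev))
    hits = []
    for user, evs in by_user.items():
        evs.sort()  # chronological order, whatever host emitted each event
        for i, (t0, h0, e0) in enumerate(evs):
            if e0 != pattern[0]:
                continue
            chain, step = [(t0, h0, e0)], 1
            for t, h, e in evs[i + 1:]:
                if step == len(pattern) or t - t0 > window:
                    break
                if e == pattern[step]:  # next expected step, any host
                    chain.append((t, h, e))
                    step += 1
            if step == len(pattern):
                hits.append({"user": user,
                             "hosts": sorted({h for _, h, _ in chain}),
                             "span": chain[-1][0] - chain[0][0]})
    return hits
```

Running `find_chains(SAMPLE_EVENTS)` flags only alice, whose three steps span three hosts within about five hours, while `max_steps_on_one_host` shows that no host on its own ever saw more than one step.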
Numerica is working on several problems in this domain, including determining the kinds of patterns that can be detected by sampling only a small subset of the computers on a network, developing fast algorithms for distributed data processing, and providing rigorous probabilities that an attack is actually occurring.