Determining Viability of Deep Learning on Cybersecurity Log Analytics

The Department of Defense currently maintains a network known as the Defense Research Engineering Network (DREN), which provides various Department of Defense (DoD) sites across the nation connectivity to HPC resource centers. To ensure the security of the DREN system, a defense system known as the Cybersecurity Environment for Detection, Analysis, and Reporting (CEDAR) was created. CEDAR contains a variety of cybersecurity sensors, which constantly monitor and record real time network activity on the DREN. Over time, CEDAR has accumulated massive quantities of valuable cybersecurity data, which necessitates a form of automation in the process of reviewing this data. We propose the application of deep learning techniques to CEDAR data in an attempt to automatically detect potentially malicious activity in a more agile and adaptable manner. These deep learning techniques can be carried out in a high performance computing (HPC) environment, allowing for the rapid utilization of large amounts of data. Our most effective model is able to classify CEDAR alerts as malicious with an accuracy sufficient to greatly reduce human analyst workloads.