Program Summary
The Department of Defense’s information technology (IT) infrastructure is made up of a large, complex network of connected local networks comprised of thousands of devices. Cyber defenders must understand and monitor the entire environment to defend it effectively. Toward this end, cyber-defenders work to correlate and understand the information contained in log files, executable files, databases of varying formats, directory structures, communication paths, file and message headers, as well as in the volatile and non-volatile memory of the devices on the network. Meanwhile, adversaries increasingly use targeted attacks that disguise attacks as legitimate actions, making discovery far more difficult. It is within this complicated web of networked systems that cyber defenders must find targeted cyber-attacks.
The Integrated Cyber Analysis System (ICAS) program aims to make system information readily useful for attack forensics and tactical cyber defense. ICAS will attempt to integrate all sources of network data in a federated database to enable reasoning across the enterprise. If successful, ICAS will provide cyber defenders with a complete, current picture of the IT environment and will reduce the time required to discover targeted attacks.