Mission-Focused Cyber
Situational Understanding
via Graph Analytics
Abstract: This paper describes CyGraph, a prototype tool for improving network
security posture, maintaining situational understanding in the face of cyberattacks,
and focusing on protection of mission-critical assets. CyGraph captures complex
relationships among entities in the cyber security domain, along with how mission
elements depend on cyberspace assets. Pattern-matching queries traverse the graph
of interrelations according to user-specified constraints, yielding focused clusters of
high-risk activity from the swarm of complex interrelationships. Analytic queries
are expressed in CyGraph Query Language (CyQL), a domain-specific language
for expressing graph patterns of interest, which CyGraph translates to the backend
native query language. CyGraph automatically infers the structure of its underlying
graph model through analysis of the ingested data, which it presents to the user for
generating queries in an intuitive way. CyGraph has been experimentally validated in
both enterprise and tactical military environments.
Keywords: common operating picture, situational understanding, mission assurance,
graph analytics
Steven Noel
Cyber Solutions Technical Center
The MITRE Corporation
McLean, Virginia, United States
Stephen Purdy
Software Engineering Technical Center
The MITRE Corporation
McLean, Virginia, United States
Travis Lu
Software Engineering Technical Center
The MITRE Corporation
McLean, Virginia, United States
Paul D. Rowe
Cyber Solutions Technical Center
The MITRE Corporation
McLean, Virginia, United States
Michael Limiero
Cyber Solutions Technical Center
The MITRE Corporation
McLean, Virginia, United States
Will Mathews
Cyber Solutions Technical Center
The MITRE Corporation
McLean, Virginia, United States
2018 10th International Conference on Cyber Conflict
CyCon X: Maximising Effects
T. Minárik, R. Jakschis, L. Lindström (Eds.)
2018 © NATO CCD COE Publications, Tallinn
Permission to make digital or hard copies of this publication for internal
use within NATO and for personal or educational use when for non-profit or
non-commercial purposes is granted providing that copies bear this notice
and a full citation on the first page. Any other reproduction or transmission
requires prior written permission by NATO CCD COE.