We report on the use of novel mathematical methods in hypergraph
analytics over a large quantity of DNS data. Hypergraphs generalize
graphs, as used in network science, to better model complex multiway relations
in cyber data. Specifically, casting DNS data from Georgia Tech's
ActiveDNS repository as hypergraphs allows us to fully represent
the interactions between collections of domains and IP addresses.
To facilitate large-scale analytics, we fielded an analytical pipeline of two capabilities.
HyperNetX (HNX) is a Python package for the exploration and visualization of
hypergraphs, acting as a frontend. For the backend, the
Chapel HyperGraph Library (CHGL) is a library for high performance hypergraph
analytics written in the exascale programming language Chapel. CHGL was used
to process gigascale DNS data, performing
compute-intensive calculations for data reduction and segmentation. Identified
portions are then sent to HNX for both exploratory analysis and knowledge
discovery targeting known tactics, techniques, and procedures.
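
The modeling described above, as an added example (not code from the paper, HNX or CHGL): DNS A records are cast as a hypergraph, reduced by collapsing identical hyperedges, and segmented into s-connected components. Assumptions: domains are hyperedges and IPs are vertices, the records are constructed, and s-components are one standard way to segment, not necessarily the paper's method.

```python
from collections import defaultdict
from itertools import combinations

# Constructed sample A records (domain, IP); documentation-range IPs, not real data.
RECORDS = [
    ("shop.example", "192.0.2.10"), ("shop.example", "192.0.2.11"),
    ("cdn.example", "192.0.2.10"), ("cdn.example", "192.0.2.11"),
    ("blog.example", "192.0.2.11"), ("blog.example", "198.51.100.5"),
    ("mail.example", "198.51.100.5"),
    ("lone.example", "203.0.113.7"),
]

def build_hypergraph(records):
    """Map each domain (hyperedge) to the frozenset of IPs (vertices) it resolves to."""
    edges = defaultdict(set)
    for domain, ip in records:
        edges[domain].add(ip)
    return {d: frozenset(ips) for d, ips in edges.items()}

def collapse(edges):
    """Data reduction: merge domains with identical IP sets into one class."""
    classes = defaultdict(list)
    for domain, ips in edges.items():
        classes[ips].append(domain)
    return {ips: sorted(doms) for ips, doms in classes.items()}

def s_components(edges, s=1):
    """Segmentation: group hyperedges chained by pairs sharing at least s vertices."""
    big = {d: v for d, v in edges.items() if len(v) >= s}  # smaller edges cannot qualify
    parent = {d: d for d in big}

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving
            x = parent[x]
        return x

    # Pairwise comparison is quadratic; fine for a sample, not for gigascale data.
    for a, b in combinations(big, 2):
        if len(big[a] & big[b]) >= s:
            parent[find(a)] = find(b)
    groups = defaultdict(list)
    for d in big:
        groups[find(d)].append(d)
    return sorted(sorted(g) for g in groups.values())

if __name__ == "__main__":
    H = build_hypergraph(RECORDS)
    print(collapse(H))
    print(s_components(H, 1), s_components(H, 2))
```

Raising s from 1 to 2 splits blog.example away from the shop/cdn pair, because it shares only a single IP with them; a pairwise domain graph would not distinguish the two cases without extra edge weights.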
Revised: August 6, 2020 | Published: June 2, 2020
Citation
Joslyn C.A., S.G. Aksoy, D.L. Arendt, J.S. Firoz, L. Jenkins, B.L. Praggastis, and E. Purvine, et al. 2020. Hypergraph Analytics of Domain Name System Relationships. In Workshop on Algorithms and Models for the Web Graph (WAW 2020): Algorithms and Models for the Web Graph, September 21-22, 2020, Warsaw, Poland. Lecture Notes in Computer Science, edited by Kaminski B., Pralat P., Szufel P., 12091. Cham: Springer Nature. PNNL-SA-151833. doi:10.1007/978-3-030-48478-1_1