Date of Award


Document Type


Degree Name

Master of Science


Department of Electrical and Computer Engineering

First Advisor

Brian G. Woolley, PhD, PhD.


As large-scale Cyber attacks become more sophisticated, local network defenders should employ strength-in-numbers to achieve mission success. Group collaboration reduces individual efforts to analyze and assess network traffic. Network defenders must evolve from an isolated defense in sector policy and move toward a collaborative strength-in-numbers defense policy that rethinks traditional network boundaries. Such a policy incorporates a network watch ap-proach to global threat defense, where local defenders share the occurrence of local threats in real-time across network security boundaries, increases Cyber Situation Awareness (CSA) and provides localized decision-support. A single layer feed forward artificial neural network (ANN) is employed as a global threat event recommender system (GTERS) that learns expert-based threat mitigation decisions. The system combines the occurrence of local threat events into a unified global event situation, forming a global policy that allows the flexibility of various local policy interpretations of the global event. Such flexibility enables a Linux based network defender to ignore windows-specific threats while focusing on Linux threats in real-time. In this thesis, the GTERS is shown to effectively encode an arbitrary policy with 99.7% accuracy based on five threat-severity levels and achieves a generalization accuracy of 96.35% using four distinct participants and 9-fold cross-validation.

AFIT Designator


DTIC Accession Number