Navy SBIR FY2014.1
||Navy SBIR FY2014.1|
||Barnstorm Research Corporation|
65 Bower St
Malden, Massachusetts 02148
||Security Information and Event Management (SIEM) systems are only able to support static
analysis based on predefined event rules. Instead, a flexible user-programmable information
triage approach is needed tha can process the volume, variety and velocity of all relevant internal
and external data. Bonsai will provide security managers the ability to quickly craft data triage
workflows using natural language expressions
+ Guide the user to alternate between two broad categories of short natural language queries:
ones that narrow collection and ones tha expand it. Alternating narrowing and expanding queries are
naturally composable, and produce expressive sequences.
+ Translate into Language Integrated Query each natural language query in the sequence.
LIQ was developed from strong mathematical foundations that guarantee composability, and can
translate into most major databases, streaming data and unstructured data query frameworks
We will demonstrate the value of Bonsai in relevant scenario such as a potential phishing attack.
Bonsai will combine and triage textual sources (such as emails or webpages), structured sources
such as networking logs and semistructured sources such as new threat information.
To enhance commercialization potential, Bonsai will operate on the data in-situ, and will integrate its
components using the http protocol and RESTful interfaces.|
||Enable faster detection of network intrusions by making it easy for the front line IT security manager to quickly create new workflows to identify malicious operations.|