Toolkit com.ibm.streams.cybersecurity 2.1.1

General Information

The Cybersecurity Toolkit provides operators that are capable of analyzing DNS response records. The operators in this toolkit use machine learning models to analyze DNS traffic and report on suspicious behaviour.

The DomainProfiling and HostProfiling operators build profiles from windows of DNS response records and report whether the behaviour of a domain or host is suspicious compared to other domains or hosts in the network. The PredictiveBlacklisting operator uses an SPSS model to predict whether a domain should be blacklisted.

The toolkit also comes with the BWListTagger operator. The operator loads black and white lists containing domains and IPs and then tags incoming domains and IPs as either being in the black list or the white list.

Network Toolkit Requirement

Applications that use the Cybersecurity Toolkit must also add the com.ibm.streamsx.network toolkit as a dependency. The Network Toolkit contains operators to ingest and parse DNS traffic. The com.ibm.streamsx.network toolkit can be downloaded from GitHub: https://github.com/IBMStreams/streamsx.network.

SPSS Toolkit

To use the PredictiveBlacklisting operator, applications must add the com.ibm.spss.streams.analytics toolkit as a dependency. This toolkit is available in the IBM SPSS Modeler Solution Publisher product.

Sample Applications

Sample applications demonstrating how to use the operators in this toolkit can be found on GitHub: https://github.com/IBMStreams/samples.

Version: 2.1.1
Required Product Version: 4.2.1.0

Namespaces

com.ibm.streams.cybersecurity.adapters (Operators)
com.ibm.streams.cybersecurity.analytics (Operators)
com.ibm.streams.cybersecurity.extractors (Operators)
com.ibm.streams.cybersecurity.functions (Functions)
com.ibm.streams.cybersecurity.tagging (Operators)
com.ibm.streams.cybersecurity.types (Types)