AVAILABLE 24x7
888.662.2724
AVAILABLE 24x7
(888) 66CARAH
Fast & Accurate
Request A Quote
Quick Response
Chat With Us
Case Study: Digital Masking Detection
DeepDecision® successfully identified digital masking from threat actors by generating synthetic data to fill in real-world data gaps
The Challenge
- • Intelligence Community partner required assistance in identifying adversarial digital masking attempts
- • Customer constrained by gaps in real-world data sets, needed realistic synthetic data to help generate more comprehensive view of actor behavior and deviations from baseline norms
- • Given standard network packet information, DeepDecision® asked to identify potential threat actors
DeepDecision®
- • DeepDecision® automated Generative Processing and Dimensional Reduction capabilities created 200 features and distinct actor behavioral groupings
- • Data immediately clustered into two primary behavioral groups, characterized by normal consumer behavior and seemingly contrived consumer behavior
- • Distinct sub-clusters also emerged, defined by comparative deltas in internal vs. external network traffic
The Results
- • Large Signal Model (LSM) technology is regulatory compliant, with statistically significant outputs
- • Industry leading platform at identifying actors/users pretending to be others
- • AI infrastructure tuned to analogous digital signature challenges
- • Deep experience aggregating holistic digital footprint signals & identifying anomalous behavior clusters
DeepDecision® ingested data files provided by customer, enabled immediate cluster group identification & analysis
Root data files provided by Customer
| File | Description |
|---|---|
| ID_to_IP.xlsx | Lookup table to understand which device the PCAP data belongs to |
| network_data.csv | PCAP header information only - This is header data from network_data.pcap |
| network_data.pcap | Comprehensive PCAP information |
| location_dataset.json | X, Y, timestamp, & app-level device data |
DeepDecision® Summary Processes
- 1. Network.data.pcap (PCAP) file converted to JSON
- 2. PCAP JSON file filtered down to JSONL
- 3. JSONL file processed by DeepDecision® - 1,454,535 records processed
- 4. Encrypted data purged
- 5. 200 critical fields processed
Actor behavioral groupings emerged, based on Dimensional Reduction & Generative Processing
Cluster group analysis illustrated obvious behavioral deltas between groups & exposed digital masking
Operational conclusion - Actor profiles demonstrative of digital masking can be easily exposed, as well as associated sources, methods, & tactics
- 1. Two large cluster groups emerged, defined by normative vs. seemingly contrived consumer behavioral patterns
- 2. Each cluster group included two sub-cluster groups, marked by comparative deltas in internal vs. external network traffic
- 3. Specifically, some actor personas found within sub-cluster groups did not demonstrate behavior indicative of “real-world” network traffic
- 4. Generative processing and dimensional reduction enabled dynamic and immediate identification of anomalous personas and spatial separation between all groups