Craig Jacobik

h-index: 1
2 papers

2 Papers

11.7 CR Mar 14 Code
Graph Neural Network-Based DDoS Protection for Data Center Infrastructure

Kartikeya Sharma, Craig Jacobik

In light of rising cybersecurity threats, data center providers face growing pressure to protect their own management infrastructure from Distributed Denial-of-Service (DDoS) attacks. While tenant-managed cages generally fall outside the data center's direct security purview, a successful DDoS assault on core provider systems can indirectly disrupt network services. To address this availability assault, the authors developed a Graph Neural Network (GNN) based detection system which leverages Graph U-Nets to automatically classify and mitigate DDoS traffic. Although the model was developed using open-source network flows rather than proprietary data center logs, the model effectively identifies multi-layer DDoS attacks that resemble the malicious patterns threatening modern data centers. Adopting this system to data center environments requires minimal changes to existing operational workflows and processes. Specifically, the GNN-based system can be integrated at critical areas within a data center's network infrastructure. Our model achieved an F1 score of over 95% when evaluated on various open-source datasets, significantly reducing the likelihood of service disruptions and reputational damage. This Graph U-Nets architecture delivers unprecedented precision (98.5%) in complex cloud environments, thereby helping data center operators uphold reliable service availability and increase customer trust and goodwill in an era of increasingly sophisticated cyber threats.

LG Dec 15, 2023
Asset Ownership Identification: Using machine learning to predict enterprise asset ownership

Craig Jacobik

Asset owner identification is an important first step for any information security organization, allowing organizations the ability to identify and detect data breaches and losses, vulnerabilities, possible attack surfaces, and define effective countermeasures. Using existing asset ownership data, the research utilized an assortment of machine learning algorithms to determine the best classification model to predict an asset's owner. The research ran separate analyses for each enumerated team, then ran a 100-iteration Monte Carlo Cross Validation across AdaBoost, Logistic Regression, Naive Bayes, Classification and Regression Trees, and Random Forests. Finally, a visualization dashboard was created to help users understand the asset inventory through interactive exploratory data analysis as well as the ability to understand model evaluation metrics including accuracy, sensitivity, and specificity for each model. Overall, AdaBoost performed the best across all owners with low testing errors below 5% while Naive Bayes performed the worst. The remaining models performed similarly. The fully qualified domain name (FQDN), Classless Inter-Domain Routing (CIDR) CIDR/16, and location were among the most important features.