Massive Internal System Traffic Research Analysis and Logging

The goal of the MISTRAL (Massive Internal System Traffic Research Analysis and Logging) project is to leverage and expand Duke’s internal network monitoring fabric and data collection points, and to create a reference scientific security dataset (RSSD) and associated data pipeline and analysis techniques. The project components will aid in detection of abnormal or malicious activities impacting the identified science drivers and associated cyberinfrastructure in Duke datacenters and research labs. This innovative project is a key step in a larger effort to detect and respond to security incidents or Indicators of Compromise (IoC) for scientific application workflows and workloads in a privacy-preserving manner, including developing the data handling capacity to evolve threat intelligence and alerting.

MISTRAL’s key objectives are to:

  1. Build a scalable infrastructure to capture relevant scientific data and workflow.
  2. Enrich the dataset using other data; analyze for anomalies or to optimize workflow.
  3. Extend dataset access internally, to external partners and then to the public.