ORCA: Advanced analytics for Cyber Security


Oak Ridge Cyber Analytics (ORCA) is a suite of tools for applying automation and advanced analytics to pressing information security problems. ORCA consists of several components, each of which addresses a widespread technology gap in computer network defense.

  1. Zero-day Network Intrusion Detection
    Applying machine learning to network traffic to reliably discriminate between known and unknown network-based attacks.
    A demonstration video is available.

  2. Network Data Discovery Engine
    Mapping the distribution of textual data on a network, including quantifying the value of the information each host contains.

  3. Detecting Malicious Behaviors in Critical Infrastructure Systems
    Analyzing command and control messages in critical infrastructure systems for command and data injection and denial of service behaviors.

  4. Alert Correlation and Visualization
    Aggregation, analysis, and correlation of IDS alerts coupled with interactive visual analytics for decision support.
    A demonstration video is available.

  5. Investigation Automation
    A framework to automate and enhance the cyber security incident investigation process.

  6. Host-based Exfiltration Detection
    Host-based sensors and analytics for identifying probable unauthorized exfiltration actions.

  7. APT Email Detection
    A real-time mail message analyzer that identifies APT (phishing) e-mails.

For more information, please email us at orca@ornl.gov

Solving Hard Problems in Information Security

Since 2009, ORCA research and development has been sponsored by the following entities:

Last updated 8/15/2014