Toward unsupervised classification of non-uniform cyber attack tracks

  • Haitao Du (Author), Rochester Institute of Technology
  • Christopher Murphy (Author), Rochester Institute of Technology
  • Jordan Bean (Author), Rochester Institute of Technology
Research Output: Chapter in Book/Report/Conference proceeding Conference contribution

Abstract

As adversary activities move into cyber domains, attacks are not necessarily associated with physical entities. As a result, observations of an enemy's Course of Action (eCoA) may be sporadic, or non-uniform, with potentially more missing and noisy data. Traditional classification methods, in this case, can become ineffective at differentiating correlated observations or attack tracks. This paper formalizes this new challenge and discusses three solution approaches from seemingly unrelated fields. This attempt sheds new light on the problem of classifying unknown types of non-uniform cyber attack tracks.