IBM InfoSphere Streams Version 4.1.1

Toolkit 1.0.0

General Information

The Cybersecurity Toolkit provides operators that are capable of analyzing DNS response records. The operators in this toolkit use machine learning models to analyze DNS traffic and report on suspicious behaviour.

The DomainProfiling and HostProfiling operators build profiles using windows of DNS response records and report if the behaviour of a domain or host is suspicious compared to other domains or hosts in the network. The PredictiveBlacklisting operator uses an SPSS model to predict if a domain should be blacklisted.

The toolkit also comes with the BWListTagger operator. The operator loads black and white lists containing domains and IPs and then tags incoming domains and IPs as either being in the black list or the white list.

Network Toolkit Requirement

Applications that use the Cybersecurity Toolkit must also add the Network Toolkit as a dependency. The Network Toolkit contains operators to ingest and parse DNS traffic. The toolkit can be downloaded from GitHub:

SPSS Toolkit

To use the PredictiveBlacklisting operator, applications must add the SPSS Toolkit as a dependency. This toolkit is available in the IBM SPSS Modeler Solution Publisher product.

Sample Applications

Sample applications demonstrating how to use the operators in this toolkit can be found on GitHub:

Required Product Version