Continuous Monitoring of the Network
Researchers: Franklin Gavilanez, John Baras, Carlos Berenstein
Synopsis: The Internet, like other freely evolving networks, has a topology that changes dynamically and is therefore very complicated. Dependence on the Internet for communication, information traffic and much else keeps increasing, so it is imperative to prevent attackers from disrupting this network. To accomplish this, we need a mathematical model that allows early detection of attacks on the network, so that an alarm can be raised in time. The mathematical tool we are pursuing for such early detection is based on ideas from tomography. This choice is motivated by the April 28-29, 2000 workshop on the interface between the mathematical sciences and three areas of computer science: network traffic modeling, computer vision, and data mining and search. The workshop was cosponsored by the Board on Mathematical Sciences (BMS) and the Computer Science and Telecommunications Board of the National Research Council.
Tools: N/A
Project web page: N/A

Formal and Statistical Models for Detection and Security Problems
Researchers: Alvaro Cardenas, Shahan Yang, Vahid Ramezani, John Baras
Synopsis: We are interested in detecting and signaling anomalies in the network using sequential probability ratio tests. Examples we are studying include the detection of distributed attacks in fixed networks and of routing attacks in ad hoc wireless networks.
Tools: NS2 and MATLAB
Project web page: N/A

Machine Learning methods for Intrusion Detection
Researchers: Maben Rabi, Shahan Yang, Vahid Ramezani, John Baras
Synopsis: This work addresses the detection of intrusions, in the form of malicious programs on a host computer system, by inspecting the traces of system calls made by those programs. We use "attack-tree" type generative models of such intrusions to select the features used by a Support Vector Machine classifier. Our approach combines the ability of an HMM generative model to handle variable-length strings (the traces) with the non-asymptotic nature of Support Vector Machines, which lets them work well with small training sets.
Tools: MATLAB, C, DARPA-LL-IDEVAL data-set
Project web page: N/A

Detection and classification of known and unknown attacks
Researchers: Svetlana Radosavac, Irena Bojanic, Shahan Yang, Vahid Ramezani, John Baras
Synopsis: This work addresses the detection of known attacks and their classification. We develop models based on Finite State Machines and Hidden Markov Models. We emphasize the detection and classification of buffer overflow attacks, and we develop Finite State Machine models for various attacks, representing each with a model of no more than 5 states. The models developed so far are the first step in modeling network attacks; they demonstrate that models of network attacks can be built and used for both detection and classification. In this phase of the research we emphasize the detection and classification of network intrusions and attacks using Hidden Markov Models trained on anomalous sequences. We show that models for other attacks can be built following our methods, but these could not be tested due to lack of data. The proposed method is highly efficient and captures the characteristic features of attacks in a short period of time using a very small number of sequences.
Tools: MATLAB, Perl
Project web page: N/A

Covert Information Transmission in Wireless Systems
Researchers: Song Li, Anthony Ephremides
Synopsis: Covert channels, which threaten the authentication and integrity properties of operating systems, have received much attention and study. However, how to secure inherently insecure wireless communication systems against such threats, and how to deploy covert channels to secure wireless systems, are not yet well understood. The objective of this project is to investigate the covert channels that exist in wireless systems. Covert channels exist because some system variables can be manipulated intentionally to convey covert information. The broadcast nature of radio links makes wireless networks less secure and easier to tap than wired communication systems; for the same reason, wireless covert channels are more vulnerable to detection. In this project we will study already-implemented covert channels, design new ones, and examine the systems that host the covert communications. We expect not only to offer stronger protection for wireless systems against the known attacks based on conveying covert information, but also to point out the weaknesses in these systems that unknown attacks may exploit. We will also look for efficient and effective ways of applying covert channels to secure wireless communication networks.
Tools: N/A
Project web page: N/A

Communication-Friendly Encryption of Multimedia
Researchers: Yinian Mao, Min Wu
Synopsis: This project addresses the rapidly growing demand for secure multimedia communications in network scenarios with differing device power and computation constraints. The goal is to design flexible encryption schemes whose parameters can be adjusted to fit different bandwidth requirements and communication device constraints, while at the same time allowing some processing by intermediate network units. Performance will be evaluated by comparison with other multimedia encryption schemes and by theoretical analysis. We currently propose three encryption tools working in different domains. These schemes combine contemporary encryption algorithms (such as AES and RSA) with signal processing techniques. The proposed tools are: a syntax-aware selective bit-stream encryption tool with bit stuffing; a generalized index mapping encryption tool with controlled overhead; and an intra-bitplane encryption tool compatible with fine granularity scalable coding. We also analyze the communication and computation overhead introduced by encryption, as well as the computation/security tradeoff of the proposed tools.
Tools: Visual C++, MATLAB and Paint Shop Pro
Project web page: Under construction

Cooperative Intrusion Detection Databases with Aggregates on a Shadow Security Network
Researchers: Dimitrios Tsoumakos, Nicholas Roussopoulos
Synopsis: We propose a "shadow security network" (SSN), a substrate of the wireless network for real-time delivery of log patterns, statistics, and control messages to the various interconnected nodes responsible for the security of a sub-network. The SSN is an independent, orthogonal network channel that can either run on its own platform or be multiplexed with the normal data channels. Its sole purpose is intrusion detection and prescription (a "vaccine") for defending against an attack. The SSN is a "broadcast" network delivering security data. A Cooperative Intrusion Detection Database (CID2) will consist of observed patterns, statistics aggregated by individual nodes, statistics observed across multiple nodes, and prescriptions for remedying attacks. CID2 will reside entirely on the SSN, and its pieces will be continuously distributed as a "broadcast" program. Our work focuses primarily (but not entirely) on the following research issues: a) types of collected data; b) data structures and algorithms for storing and querying data (efficient, fast, incremental, adaptive); c) a cooperative aggregation system.
Tools: IDSs (e.g. Snort), C++ code/simulations
Project web page: N/A