The Human Aspect of Cyber Attacks: Empirical Studies
Focusing on both the human and situational components of attacks, we seek to answer two broad research questions: First, can system configurations impact the way attackers compromise targeted systems? Second, what social and cognitive processes are likely to determine attackers’ online behaviors, and how can we utilize these processes to build an efficient security system against cyber attacks? To answer these questions, we present a research design that: (1) collects unique data on attackers and the attack situation, (2) generates knowledge on the factors that prompt and contribute to the evolution and development of cyber attacks, (3) produces knowledge on the set of situations faced by attackers while attacking a system, and (4) employs appropriate statistical methods to assess a specific behavior on the part of attackers based on both attackers’ and systems’ attributes.
Research conducted in collaboration with Dr. D. Maimon (Department of Criminology and Criminal Justice, UMD) and his research team. Funded by SANS, NSF.
Providing Network Awareness through Network Flows
Network awareness, i.e., the knowledge about how hosts use the network and how network events are related to each other, is of critical importance for anyone in charge of administering and securing a network. The goal of network awareness is to provide relevant information for decision-making regarding network planning, maintenance, and security. Network flows are among the most used information sources for gaining awareness in large networks because they offer a good trade-off between the level of detail provided and scalability. As a result, a majority of networks are already instrumented to collect and export network flows.
Our research focuses on developing tools that provide network awareness based solely on network flow analysis. In collaboration with AT&T, we have developed Nfsight to construct bidirectional flows out of unidirectional network flows and leverage these bidirectional flows to provide client/server identification. We now tackle the issue of creating an efficient IDS that is fed by network flows and does not rely on deep packet inspection.
Research conducted in collaboration with Dr. R. Berthier (UIUC). Funded by AT&T.
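As an added illustration of the bidirectional-flow construction and client/server identification described above (example code written for this page, not Nfsight's own implementation), the following pairs constructed NetFlow-like records on their order-independent 5-tuple and then picks the server side with two assumed heuristics: a well-known port held by exactly one endpoint, with first-packet timing as the fallback. Field names, the 1024 port threshold and the sample records are assumptions; a flow that never receives a reply is kept as a one-sided biflow, which is the shape a scan leaves behind.

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class Flow:
    start: float  # time of first packet, seconds (constructed field set)
    src: str
    sport: int
    dst: str
    dport: int
    proto: int    # 6 = TCP, 17 = UDP
    pkts: int

def identify_server(initiator, responder):
    """Return (client, server). Assumed heuristics, not Nfsight's: a well-known
    port (< 1024) on exactly one side marks the server; else the initiator is the client."""
    if initiator[1] < 1024 <= responder[1]:
        return responder, initiator   # initiator owns the service port
    return initiator, responder

def build_biflows(flows):
    """Join unidirectional flows into bidirectional flows keyed on the
    order-independent 5-tuple; a flow that never got a reply stays one-sided."""
    buckets = defaultdict(list)
    for f in flows:
        a, b = (f.src, f.sport), (f.dst, f.dport)
        buckets[(min(a, b), max(a, b), f.proto)].append(f)
    biflows = []
    for (_, _, proto), group in buckets.items():
        group.sort(key=lambda f: f.start)          # stable sort: earliest flow first
        first = (group[0].src, group[0].sport)
        second = (group[0].dst, group[0].dport)
        from_first = sum(f.pkts for f in group if (f.src, f.sport) == first)
        total = sum(f.pkts for f in group)
        client, server = identify_server(first, second)
        c2s = from_first if client == first else total - from_first
        biflows.append({"start": group[0].start, "proto": proto,
                        "client": client, "server": server,
                        "c2s_pkts": c2s, "s2c_pkts": total - c2s,
                        "answered": total - c2s > 0})  # unanswered = scan-like
    return biflows

SAMPLE_FLOWS = [  # constructed records, not captured traffic
    Flow(10.00, "10.0.0.5", 51234, "192.0.2.10", 80, 6, 6),    # HTTP request side
    Flow(10.01, "192.0.2.10", 80, "10.0.0.5", 51234, 6, 5),    # HTTP reply side
    Flow(12.00, "10.0.0.7", 40000, "192.0.2.53", 53, 17, 1),   # DNS query
    Flow(12.00, "192.0.2.53", 53, "10.0.0.7", 40000, 17, 1),   # DNS answer
    Flow(15.00, "198.51.100.9", 33333, "10.0.0.5", 22, 6, 1),  # SYN never answered
]
```

Calling `build_biflows(SAMPLE_FLOWS)` yields three biflows; the last one has `s2c_pkts == 0` and `answered == False`, which is the signal a flow-based detector would key on.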
Analysis of Computer Security Incident Data
Organizations face increasing challenges in addressing and preventing security incidents. There are financial consequences from security incidents. These include lost time and resources used during recovery, possible theft of personal and/or proprietary information, and reputational damage that may negatively impact stock prices or reduce consumer confidence in a company.
Our research focuses on modeling and predicting security incidents. We used tools from the software reliability community. We applied Non-Homogeneous Poisson Process (NHPP) models as a method for describing the reliability growth process. We used the