GGrantIndex
← Search

TC: Small: Data Driven Analysis of Security Attacks in Large Scale Systems

$500,000FY2010CSENSF

University Of Illinois At Urbana-Champaign, Urbana IL

Investigators

Abstract

Despite sophisticated monitoring tools for runtime detection of intruders and techniques designed to protect computing systems from a wide range of attacks, attackers continually penetrate even well-protected systems. Attack data from real, large-scale production environments (National Center for Supercomputing Applications (NCSA) at Illinois, in this work) are used as a basis for characterizing and modeling attacker behavior and for uncovering deficiencies of the monitoring infrastructure. Increased understanding of attacks arising from these analysis and modeling activities significantly contributes to improvements in secure systems analysis and design. The analyses uncover new and realistic attack scenarios that can guide the design of enhancements to improve system protection against malicious activities at every level. Understanding real attack patterns and classes through detailed forensics pinpoints the open holes in a network/system and characterizes attacker behavior. In-depth study of the data allows investigating actions and intentions of the attacker, and creates a foundation for the design of an automated tool to assist in data collection, analysis, and response. The size and variety of the data enable a flexible framework to be developed that can incorporate insights gained from attacks yet unseen. This research produces sound methods for automated (semi-automated) analysis of large populations of data on security attacks and develops tools to facilitate the analysis and detection. The goals are to understand the attack patterns, establish comprehensive models to capture attacker behavior, and use the models to enable development of techniques for rapid detection of malicious tampering with the system.

View original record on NSF Award Search →