Our research work is dedicated to ensuring that the benefits and
convenience of networked computing continue to outweigh the risks
of operating in an open networked environment. Increasingly refined
intrusion-detection techniques allow users to operate with confidence,
in spite of the vast number of attacks that threaten computer systems,
performed both by humans and by automated attackers such as worms
and viruses.
Our work in intrusion and malware detection covers the following
areas:
- Sensors: An intrusion-detection system can only be as good as the data
  on which it bases its decisions. For this reason, we focus on developing
  technologies that can efficiently, accurately and effectively collect and
  provide low-level data about potentially malicious activities taking place
  in a computer system or network.
- Management and analysis: Modern networks contain a multitude of devices and
  technologies that can provide security-relevant information, including but
  not limited to intrusion detection and prevention systems, firewalls,
  malware-detection systems and authentication systems. All of these
  mechanisms generate information in disparate formats and at different
  levels of abstraction. To provide a coherent and useful high-level picture
  of the activities to a network, system or security administrator, this
  heterogeneous stream of events must be analyzed and correlated. Our work in
  this area includes technologies for analyzing event streams, reducing false
  positives, and providing context information for security-related events.
- Autonomic response: The explosiveness and aggressiveness of some modern
  attacks have made it impossible for a human to react in a useful manner.
  It has become clear that automatic response mechanisms are needed. However,
  automatic response has historically proved to be extremely dangerous owing
  to its inherent possibility of self-denial-of-service and other undesirable
  effects. We are working on "gentle" intrusion response technologies that
  accommodate the importance of not affecting vital business and technical
  processes.
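The management-and-analysis and autonomic-response areas above can be illustrated end to end: events from a firewall, an IDS and an authentication server arrive in three different formats, are normalized onto one schema, correlated per source address within a time window, and only corroborated incidents are escalated to a response that is chosen to be the least disruptive one the evidence supports. The following is an added example written for this page, not code from the research group or any of the systems it describes; every log line, address, sensor weight, threshold and the "protected hosts" set are constructed for illustration.

```python
"""Normalize heterogeneous security events, correlate them, and pick a 'gentle' response.

Added illustration, not the research group's code. All event lines, addresses,
weights and thresholds below are constructed for the example.
"""
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample records from three sources, each in its own native format.
RAW_EVENTS = [
    ("firewall", "2006-03-01T10:00:01 DENY src=10.0.0.5 dst=192.168.1.10 dport=445"),
    ("ids", '2006-03-01T10:00:02 alert sid=2001 msg="SMB probe" 10.0.0.5 -> 192.168.1.10:445'),
    ("auth", "2006-03-01T10:00:03 FAILED LOGIN user=admin from 10.0.0.5"),
    ("firewall", "2006-03-01T10:00:04 DENY src=10.0.0.5 dst=192.168.1.11 dport=445"),
    ("firewall", "2006-03-01T10:00:05 DENY src=10.0.0.5 dst=192.168.1.12 dport=445"),
    ("ids", '2006-03-01T10:00:20 alert sid=1000 msg="ICMP echo" 10.0.0.9 -> 192.168.1.1:0'),
    ("firewall", "2006-03-01T10:05:00 DENY src=10.0.0.3 dst=192.168.1.10 dport=161"),
    ("firewall", "2006-03-01T10:05:01 DENY src=10.0.0.3 dst=192.168.1.11 dport=161"),
    ("firewall", "2006-03-01T10:05:02 DENY src=10.0.0.3 dst=192.168.1.12 dport=161"),
    ("ids", '2006-03-01T10:10:00 alert sid=2002 msg="SSH brute force" 10.0.0.8 -> 192.168.1.20:22'),
    ("auth", "2006-03-01T10:10:01 FAILED LOGIN user=root from 10.0.0.8"),
    ("auth", "2006-03-01T10:10:02 FAILED LOGIN user=root from 10.0.0.8"),
    ("auth", "2006-03-01T11:30:00 FAILED LOGIN user=bob from 10.0.0.7"),
]

FW_RE = re.compile(r"^(\S+) DENY src=(\S+) dst=(\S+) dport=(\d+)$")
IDS_RE = re.compile(r'^(\S+) alert sid=\d+ msg="([^"]*)" (\S+) -> (\S+):\d+$')
AUTH_RE = re.compile(r"^(\S+) FAILED LOGIN user=\S+ from (\S+)$")
WEIGHT = {"firewall": 1, "ids": 2, "auth": 2}  # constructed per-sensor confidence


def _epoch(stamp):
    return (datetime.fromisoformat(stamp) - datetime(1970, 1, 1)).total_seconds()


def normalize(source, line):
    """Map one source-specific line onto a common schema; None if unparseable."""
    if source == "firewall" and (m := FW_RE.match(line)):
        ts, src, dst, port = m.groups()
        kind = f"fw-deny/{port}"
    elif source == "ids" and (m := IDS_RE.match(line)):
        ts, kind, src, dst = m.groups()
    elif source == "auth" and (m := AUTH_RE.match(line)):
        ts, src = m.groups()
        dst, kind = None, "auth-failure"
    else:
        return None
    return {"ts": _epoch(ts), "source": source, "src": src, "dst": dst,
            "kind": kind, "weight": WEIGHT[source]}


def correlate(events, window=60):
    """Group events by source address into windows of `window` seconds and
    summarize each window as one candidate incident."""
    by_src = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["ts"]):
        by_src[ev["src"]].append(ev)
    incidents = []
    for src, evs in by_src.items():
        cluster = []
        for ev in evs + [None]:  # the None sentinel flushes the last cluster
            if ev is not None and (not cluster or ev["ts"] - cluster[0]["ts"] <= window):
                cluster.append(ev)
                continue
            incidents.append({
                "src": src, "start": cluster[0]["ts"], "count": len(cluster),
                "score": sum(e["weight"] for e in cluster),
                "sensors": {e["source"] for e in cluster},
                "targets": {e["dst"] for e in cluster if e["dst"]},
                "kinds": sorted({e["kind"] for e in cluster}),
            })
            cluster = [ev] if ev is not None else []
    return incidents


def actionable(inc):
    """Require corroboration before escalating: a lone event from a single
    sensor is kept as context but not acted on (false-positive reduction)."""
    return inc["count"] >= 3 or len(inc["sensors"]) >= 2


def plan_responses(incidents, protected, max_quarantines=1):
    """Choose the least disruptive action the evidence supports. Hosts in
    `protected` (vital services) are never cut off automatically, and at most
    `max_quarantines` hosts are isolated per run, so the response itself
    cannot become a denial of service."""
    plan, quarantines = [], 0
    for inc in sorted(incidents, key=lambda i: -i["score"]):
        if not actionable(inc):
            action = "suppress"
        elif inc["src"] in protected:
            action = "log-and-notify"
        elif inc["score"] >= 6 and quarantines < max_quarantines:
            action, quarantines = "quarantine", quarantines + 1
        elif inc["score"] >= 3:
            action = "rate-limit"
        else:
            action = "log-and-notify"
        plan.append((inc["src"], action))
    return plan


def run(raw_events=RAW_EVENTS, protected=frozenset({"10.0.0.3"})):
    events = [e for e in (normalize(s, l) for s, l in raw_events) if e]
    return plan_responses(correlate(events), protected)


if __name__ == "__main__":
    for src, action in run():
        print(f"{src:<10} {action}")
```

With the constructed input, 10.0.0.5 is seen by all three sensors within a few seconds and is quarantined; 10.0.0.8 has comparable evidence but the single quarantine slot is already used, so it is only rate-limited; 10.0.0.3 scans three hosts but sits in the protected set (a monitoring server, say), so an administrator is notified instead of the host being cut off; the two isolated single-sensor events are suppressed rather than surfaced as alarms.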
[1] James Riordan, Diego Zamboni, Yann Duponchel. Building and Deploying Billy Goat, a Worm-Detection System. In Proceedings of the 18th Annual FIRST Conference, 2006.
[2] James Riordan, Diego Zamboni, Yann Duponchel. Billy Goat, an Accurate Worm-Detection System. Research report RZ3609.
[3] Tadeusz Pietraszek, Chris Vanden Berghe. Defending against Injection Attacks through Context-Sensitive String Evaluation. In Recent Advances in Intrusion Detection (RAID 2005), 2005.
[4] C. Araujo, A. Biazetti, A. Bussani, J. Dinger, M. Feridun, and A. Tanner. Simplifying correlation rule creation for effective systems monitoring. In Akhil Sahai and Felix Wu, editors, Proceedings of the 15th IFIP/IEEE International Workshop on Distributed Systems: Operations and Management (DSOM 2004), volume 3278 of Lecture Notes in Computer Science, Heidelberg, 2004. Springer-Verlag.
[5] Annie Chen, Navendu Jain, Tadeusz Pietraszek, Sean Rooney, and Paolo Scotton. Scaling real-time telematics applications using programmable middleboxes: A case study in traffic prediction. In Proceedings of the 1st IEEE Consumer Communications and Networking Conference (CCNC 2004), pages 388-393, Las Vegas, NV, 2004.
[6] Tadeusz Pietraszek. Using adaptive alert classification to reduce false positives in intrusion detection. In Recent Advances in Intrusion Detection (RAID 2004), volume 3324 of Lecture Notes in Computer Science, pages 102-124, Sophia Antipolis, France, 2004. Springer-Verlag.
[7] Klaus Julisch. Using root cause analysis to handle intrusion detection alarms. ACM Transactions on Information and System Security 6(4), November 2003.
[8] Klaus Julisch and Marc Dacier. Mining intrusion detection alarms for actionable knowledge. In Proceedings of the 8th ACM International Conference on Knowledge Discovery and Data Mining, pages 366-375, July 2002.