Automatic Intrusion Detection and Response system for Cyberinfrastructure-Oriented Systems (AIDR-COS)

面向网络基础设施的系统的自动入侵检测和响应系统（AIDR-COS）

• 批准号: 1063831
• 负责人: Jessie Walker
• 金额: $ 14.99万
• 依托单位: University of Arkansas at Pine Bluff
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2010
• 资助国家: 美国
• 起止时间: 2010-10-15 至 2012-09-30
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1063831&HistoricalAwards=false
• 关键词: Automatic; Intrusion; Detection; Response; system

In this EAGER project, the University of Arkansas at Pine Bluff is carrying out a preliminary investigation into automatic intrusion detection and response for cyberinfrastructure-oriented systems. The aim of the project is to develop an extendable framework to automatically evaluate, measure, and rate security threats, i.e. intrusions within complex network systems linked together via cyberspace using software and hardware. The cyberinfrastructure consists of computing systems, data storage systems, data repositories and advanced instruments, and visualization environments, linked together by software and advanced networks to improve scientific productivity and enable breakthroughs not otherwise possible. The framework will be designed to operate as an active/programmable component of existing systems that will be automated, dynamic and adaptive. In addition, the project will use intrusion data from the University of Arkansas at Little Rock, Center for Excellence for Assurance, Security, and Software Usability, Research, and Education (ASSURE) to construct visual representations of intrusion behavior patterns and predictive models to forecast future attacks on such systems. The project is a targeted exploratory project that is novel, and has potentially significant value for the computer/network security, and information assurance communities within five core areas as they relate to cyberinfrastructure resourcesSecurity: (1) developing a unifying quantitative system for intrusions within cyberinfrastructureoriented systems (2) developing mechanisms to automatically appraise intrusions within cyberinfrastructure-oriented systems (3) developing security visualization models to represent intrusions within cyberinfrastructure-oriented systems to allow for the classification, and categorization of intrusion types, (4) expanding the expertise of faculty members at teaching oriented universities within the domain of cyberinfrastructure security (5) expanding the community of students exposed to cyberinfrastructure security concepts, theories, practices, and principles.Intellectual MeritThe intellectual merit of the proposed AIDR-COS project is to carve out a flexible security framework to examine intrusions within cyberinfrastructure-oriented systems. The project involves a number of unique interdisciplinary research issues such as identification of intrusion types within cyberinfrastructure-oriented systems, adaptive intrusion classification structures, dynamically generated solutions, and a unique quantitative measurement process. In addition, to the development of autonomous mechanisms based on automatic intrusion detection, response models to enable autonomous system adjustments depending on intrusion classes.Broader ImpactsThe broader impacts of this project include: (1) new collaborations to expand the research/education community within the domain of cyberinfrastructure security, to include greater numbers of historically underrepresented minorities, and teaching-oriented universities, (2) expanding the ability of organizations to integrate in proven security solutions that harness available resources, thus extending the return on investment of the existing computing infrastructure and easing the integration of evolving cyberinfrastructure systems, (3) improving the ability of security engineers to develop security solutions for non-monolithiccyberinfrastructure systems, (4) developing avenues for sharing knowledge and resources as innovation takes place within the domain of cyberinfrastructure security as it relates to automatic intrusion detection and classification, and cyber security.

在这个EAGER项目中，位于Pine海崖的阿肯色州大学正在对面向网络基础设施的系统的自动入侵检测和响应进行初步调查。该项目的目的是开发一个可扩展的框架，以自动评估，测量和评估安全威胁，即通过网络空间使用软件和硬件连接在一起的复杂网络系统内的入侵。网络基础设施包括计算系统、数据存储系统、数据储存库和先进仪器以及可视化环境，这些系统通过软件和先进网络连接在一起，以提高科学生产力，实现其他方式无法实现的突破。该框架的设计将作为现有系统的一个主动/可编程组成部分运作，这些系统将是自动化、动态和自适应的。此外，该项目还将使用来自小石城阿肯色州大学卓越保障、安全和软件可用性、研究和教育中心（ASSURE）的入侵数据，构建入侵行为模式的可视化表示和预测模型，以预测未来对此类系统的攻击。该项目是一个有针对性的探索性项目，具有新颖性，对计算机/网络安全和五个核心领域内的信息保障社区具有潜在的重大价值，因为它们与网络基础设施资源有关。（1）为面向网络基础设施的系统中的入侵开发统一的量化系统（2）开发自动评估面向网络基础设施的系统中的入侵的机制（3）开发安全可视化模型来表示面向网络基础设施的系统中的入侵，以允许对入侵类型进行分类和归类，（4）在面向教学的大学中扩展网络基础设施安全领域内教师的专业知识（5）扩展接触网络基础设施安全概念，理论，实践的学生社区，AIDR-COS项目的智力价值是建立一个灵活的安全框架，以检查面向网络基础设施的系统中的入侵。该项目涉及一些独特的跨学科的研究问题，如网络基础设施为导向的系统，自适应入侵分类结构，动态生成的解决方案，以及一个独特的定量测量过程中的入侵类型的识别。此外，为了开发基于自动入侵检测的自主机制，响应模型，以根据入侵类别进行自主系统调整。更广泛的影响该项目的更广泛的影响包括：（1）开展新的合作，扩大网络基础设施安全领域的研究/教育界，包括更多历史上代表性不足的少数民族和教学型大学，（2）扩展组织集成利用可用资源的成熟安全解决方案的能力，从而延长现有计算基础设施的投资回报，并简化不断发展的网络基础设施系统的集成，（3）提高安全工程师为非整体网络基础设施系统开发安全解决方案的能力，（4）随着网络基础设施安全领域的创新，开发共享知识和资源的途径，因为它涉及自动入侵检测和分类以及网络安全。