CAREER: A Networking Approach to Host-based Intrusion Detection

职业：基于主机的入侵检测的网络方法

• 批准号: 1140230
• 负责人: Raheem Beyah
• 金额: $ 31.05万
• 依托单位: Georgia Tech Research Corporation
• 依托单位国家: 美国
• 项目类别: Continuing Grant
• 财政年份: 2011
• 资助国家: 美国
• 起止时间: 2011-05-25 至 2015-05-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1140230&HistoricalAwards=false
• 关键词: CAREER; Networking; Approach; Host; based

CAREER: A Networking Approach to Host-based Intrusion DetectionProposal# 0844144Raheem A. BeyahGeorgia State UniversityAward AbstractDay by day, threats to the cyber infrastructure are becoming more complex and, in response, so too are defense mechanisms. One approach to securing nodes is to place a defense mechanism (e.g., intrusion detection system) on the node. This brings many challenges, with the most significant being that potential vulnerabilities in the defense mechanism can provide an additional avenue through which the host can be compromised. To address these challenges, this research investigates completely decoupling the defense mechanisms from the host, while continuing to provide insight about malicious activity as if the defense mechanisms resided on the host. This requires the development of new algorithms and the application of various techniques (e.g., statistical, machine learning, signal processing) to extract from a node?s network traffic characteristics that enable the inference of the state of its hardware components. Over the course of this project, a combination of experimentation and simulation will lead to the development of empirical and analytic models. The models will be used to develop network-based defense systems that provide capabilities similar to those provided by mechanisms traditionally considered host-based. This work leverages the concept of information leakage to bridge the computer architecture, computer networking, and network security fields. This project also seeks to broaden participation of groups traditionally underrepresented in the areas of science, technology, engineering, and mathematics (STEM). Accordingly, through a summer academy, the PI is actively engaging underrepresented middle school students by using current technology to convey abstract computer architecture and computer networking concepts.

职业生涯：基于主机的入侵检测的网络方法提案# 0844144Raheem A.佐治亚州立大学奖摘要：网络基础设施面临的威胁日益复杂，防御机制也随之变得更加复杂。 保护节点的一种方法是放置防御机制（例如，入侵检测系统）。这带来了许多挑战，其中最重要的是防御机制中的潜在漏洞可以提供一个额外的途径，通过该途径可以危及主机。为了解决这些挑战，本研究调查完全解耦的防御机制从主机，同时继续提供有关恶意活动的洞察力，如果防御机制驻留在主机上。这需要开发新的算法和应用各种技术（例如，统计学、机器学习、信号处理）来从节点中提取？的网络流量特征，从而能够推断其硬件组件的状态。在这个项目的过程中，实验和模拟相结合，将导致经验和分析模型的发展。这些模型将用于开发基于网络的防御系统，这些系统提供的功能类似于传统上认为基于主机的机制所提供的功能。这项工作利用信息泄漏的概念，计算机体系结构，计算机网络和网络安全领域的桥梁。该项目还寻求扩大传统上在科学、技术、工程和数学（STEM）领域代表性不足的群体的参与。因此，通过暑期学校，PI正在积极利用当前的技术来传达抽象的计算机体系结构和计算机网络概念，从而吸引代表性不足的中学生。