Computer security research and analysis facility

计算机安全研究和分析设施

• 批准号: 330309-2006
• 负责人: McHugh, John
• 金额: $ 10.89万
• 依托单位: Dalhousie University
• 依托单位国家: 加拿大
• 项目类别: Research Tools and Instruments - Category 1 (<$150,000)
• 财政年份: 2006
• 资助国家: 加拿大
• 起止时间: 2006-01-01 至 2007-12-31
• 项目状态: 已结题
• 来源: https://www.nserc-crsng.gc.ca/ase-oro/Details-Detailles_eng.asp?id=326098
• 关键词: Computer; security; research; analysis; facility

This proposal describes an experimental facility to support a program of research in Computer and Network security to be carried out at Dalhousie University under the auspices of the newly established Privacy and Security Laboratory. The proposed facility supports both observational and experimental studies.  Over the years, the internet has grown to the point that it exhibits emergent behaviors, i.e. aggregate phenomena that cannot be predicted from the behaviors of the individual systems or groupings of individual systems from which it is composed.  These manifest themselves in a variety of ways, including the collapse of parts of the core routing structure during scanning worm outbreaks, and a highly visible disturbance of an otherwise power law connection statistic by a relatively small pool of machines infected with the Welchia-B worm.  By aggregating and analyzing massive amounts of network data, we develop global situational awareness of the network that allows us to place local observations in perspective. The analytical component of the facility supports this kind of investigation. At the same time, the defense of individual enterprises and systems requires local detection and defense measures.  There have been a few attempts at performing evaluations of defensive mechanisms such as Intrusion Detection Systems, but these have been largely unsatisfactory for a number of reasons.  The second major component  of the proposal is  an isolated test facility that supports such evaluations. It can also be used for a variety of projects involving malicious code such as worms and for exploring new ways to both detect and mitigate attacks on end systems and networks. This test facility will also support research projects in a number of related areas, including the generation of realistic background traffic for use in security testing, and better techniques for evaluating intrusion detection and prevention systems.  It can also serve as a dedicated simulation or emulation facility to explore selected aspects of network behavior for larger networks. The facility also supports the training of both researchers and practitioners in computer security practices.

该提案描述了一个实验设施，以支持在达尔豪斯大学新成立的隐私和安全实验室主持下进行的计算机和网络安全研究项目。拟议中的设施既支持观测研究，也支持实验研究。多年来，互联网已经发展到表现出突现行为的地步，即不能从组成互联网的单个系统或单个系统分组的行为中预测到的聚集现象。这些以各种方式表现出来，包括在扫描蠕虫爆发期间核心路由结构的部分崩溃，以及相对较小的感染了Welchia-B蠕虫的机器池对幂律连接统计数据的非常明显的干扰。通过汇总和分析大量的网络数据，我们开发了网络的全球态势感知，使我们能够正确地放置局部观察。该设施的分析部分支持这种调查。同时，单个企业和系统的防御需要采取局部检测和防御措施。已经有一些尝试对防御机制（如入侵检测系统）进行评估，但由于一些原因，这些评估在很大程度上不令人满意。该建议的第二个主要组成部分是支持这种评估的独立测试设施。它还可以用于涉及恶意代码（如蠕虫）的各种项目，以及探索检测和减轻对终端系统和网络的攻击的新方法。该测试设施还将支持若干相关领域的研究项目，包括生成用于安全测试的真实背景流量，以及评估入侵检测和预防系统的更好技术。它还可以作为专用的模拟或仿真工具，用于探索大型网络的网络行为的选定方面。该设施还支持计算机安全实践方面的研究人员和从业人员的培训。