Intelligence-driven Cyber Security Defense Tools
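Basic information
- Grant number: RGPIN-2014-05208
- Principal investigator:
- Amount: $18,900
- Host institution:
- Host institution country: Canada
- Project category: Discovery Grants Program - Individual
- Fiscal year: 2018
- Funding country: Canada
- Start and end dates: 2018-01-01 to 2019-12-31
- Project status: Completed
- Source:
- Keywords:
Project abstract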
Surveys suggest an estimated annual burden of between $13 billion and $1.6 trillion as a result of security violations in various dimensions of infrastructure systems. With the magnitude of this problem, security-related issues were brought to the forefront of enterprise and government concerns and forced experts to search for comprehensive and intelligent solutions for systems' security. Currently, there is a lack of sound and comprehensive tools for practical security assessment and management that allow an understanding of the impact of emergent threats on a system and the development of comprehensive and proactive solutions to safeguard an infrastructure. Another major challenge in this respect is the capability of well-established and already widely used analytical approaches and methodologies to cope with the wealth of data pertinent to a system's security status, and their ability to extract intelligent and relevant information useful for immediate incident prevention and mitigation. Over the next five years we will focus on advancing research in intelligence-driven cyber security defense by identifying and developing a bank of models, methodologies, techniques, and tools for understanding the impact(s) of emergent threats on a system and developing comprehensive and proactive solutions to safeguard an infrastructure. The goal of the proposed research is to reduce the likelihood of catastrophic incidents by taking a holistic approach in creating a more informed view of threats. We believe that effective and actionable intelligence can be generated only when all information within an enterprise with security relevance gets collected, organized, analyzed, correlated, and leveraged.

**We will focus on developing:**

1. Malware Analysis: Unprecedented growth in malware numbers and botnet activity in cyberspace each year, coupled with a rapidly changing threat landscape (i.e., evolution of mobile computing, social networks), has revealed an acute inadequacy of traditional approaches predominantly based on recognition of well-documented threats (signatures). Since an effective defense in cyberspace requires accurate assessment and recognition of malware threats, my research activities will focus on several areas: threat analysis, threat attribution and threat detection. One of the main interests in this context will be mobile malware and botnet threats.
2. Big Data Security Analytics: In the security domain, event logs provide a rich source of information that allows analysis of the anatomy of attacks and system failures, often pinpointing weak spots and potential solutions. In this area my research objectives are: 1) dynamic recognition/structuring and predictive analytics for security data in large-scale systems, with the primary goal of improving the productivity of domain experts who are challenged by the constant appearance of new ad hoc formats; and 2) predictive analytics for large-scale security data, with the aim of developing predictive analytic methods to allow a comprehensive analysis of network security through modeling impacts of attacks and potential network changes/mitigation strategies introduced by an administrator.
3. Security Visualization: Security visualizations should have an elegant and visually appealing design, while being informative, interactive, and providing exploratory capabilities. One of the fundamental challenges in this respect is the scalability of conventional visualization techniques in the presence of the Big Data phenomenon. Our research focus in this direction lies in addressing this challenge, i.e., to design and develop a scalable visualization system able to cope with ever-increasing amounts of data while providing an interactive experience to a user.
Project outcomes
- Journal articles (0)
- Monographs (0)
- Research awards (0)
- Conference papers (0)
- Patents (0)
Other grants held by Ghorbani, Aliakbar
Human-Centric Cybersecurity
- Grant number: RGPIN-2020-04121
- Fiscal year: 2022
- Funding amount: $18,900
- Project category: Discovery Grants Program - Individual
Human-Centric Cybersecurity
- Grant number: DGDND-2020-04121
- Fiscal year: 2022
- Funding amount: $18,900
- Project category: DND/NSERC Discovery Grant Supplement
Human-Centric Cybersecurity
- Grant number: RGPIN-2020-04121
- Fiscal year: 2021
- Funding amount: $18,900
- Project category: Discovery Grants Program - Individual
Human-Centric Cybersecurity
- Grant number: DGDND-2020-04121
- Fiscal year: 2021
- Funding amount: $18,900
- Project category: DND/NSERC Discovery Grant Supplement
Human-Centric Cybersecurity
- Grant number: DGDND-2020-04121
- Fiscal year: 2020
- Funding amount: $18,900
- Project category: DND/NSERC Discovery Grant Supplement
Endpoint threat analytic: A people-oriented cybersecurity
- Grant number: 515564-2017
- Fiscal year: 2020
- Funding amount: $18,900
- Project category: Collaborative Research and Development Grants
Human-Centric Cybersecurity
- Grant number: RGPIN-2020-04121
- Fiscal year: 2020
- Funding amount: $18,900
- Project category: Discovery Grants Program - Individual
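Similar grants from the National Natural Science Foundation of China
Data-driven Recommendation System Construction of an Online Medical Platform Based on the Fusion of Information
- Grant number:
- Approval year: 2024
- Funding amount (10,000 yuan):
- Project category: Research Fund for Foreign Young Scholars
Research on Cache-Based Remote Timing Attacks
- Grant number: 60772082
- Approval year: 2007
- Funding amount (10,000 yuan): 28.0
- Project category: General Program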
Similar overseas grants
Data Driven Cyber Security Incident Prediction for IT SMEs (DaSIPreS)
- Grant number: 10077591
- Fiscal year: 2023
- Funding amount: $18,900
- Project category: Collaborative R&D
Collaborative Research: SaTC: EDU: Adversarial Malware Analysis - An Artificial Intelligence Driven Hands-On Curriculum for Next Generation Cyber Security Workforce
- Grant number: 2230609
- Fiscal year: 2023
- Funding amount: $18,900
- Project category: Standard Grant
Collaborative Research: CPS: Medium: Enabling Data-Driven Security and Safety Analyses for Cyber-Physical Systems
- Grant number: 2414176
- Fiscal year: 2023
- Funding amount: $18,900
- Project category: Standard Grant
Education DCL: EAGER: A Gamified Education Platform for Story-driven Educational Hacking Games to Attract Generation Z to Cyber Workforce
- Grant number: 2335839
- Fiscal year: 2023
- Funding amount: $18,900
- Project category: Standard Grant
Collaborative Research: SaTC: EDU: Adversarial Malware Analysis - An Artificial Intelligence Driven Hands-On Curriculum for Next Generation Cyber Security Workforce
- Grant number: 2230610
- Fiscal year: 2023
- Funding amount: $18,900
- Project category: Standard Grant
Comprehensive data-driven learning, prediction and generation of whole-body contact motions based on cyber-physical human model
- Grant number: 22H05002
- Fiscal year: 2022
- Funding amount: $18,900
- Project category: Grant-in-Aid for Scientific Research (S)
Data-Driven Approaches for Cyber Security of Critical Infrastructures
- Grant number: RGPIN-2020-06482
- Fiscal year: 2022
- Funding amount: $18,900
- Project category: Discovery Grants Program - Individual
SaTC: CORE: Small: Data-driven Attack and Defense Modeling for Cyber-physical Systems
- Grant number: 2134076
- Fiscal year: 2022
- Funding amount: $18,900
- Project category: Standard Grant
CPS: Small: Data-Driven Modeling and Control of Human-Cyber-Physical Systems with Extended-Reality-Assisted Interfaces
- Grant number: 2223035
- Fiscal year: 2022
- Funding amount: $18,900
- Project category: Standard Grant
Collaborative Research: CPS: Medium: Enabling Data-Driven Security and Safety Analyses for Cyber-Physical Systems
- Grant number: 2132285
- Fiscal year: 2022
- Funding amount: $18,900
- Project category: Standard Grant


















