Data-driven software-defined security

数据驱动的软件定义安全

• 批准号: 530335-2018
• 负责人: Boutaba, Raouf
• 金额: $ 10.48万
• 依托单位: University of Waterloo
• 依托单位国家: 加拿大
• 项目类别: Collaborative Research and Development Grants
• 财政年份: 2020
• 资助国家: 加拿大
• 起止时间: 2020-01-01 至 2021-12-31
• 项目状态: 已结题
• 来源: https://www.nserc-crsng.gc.ca/ase-oro/Details-Detailles_eng.asp?id=697964
• 关键词: Data; driven; software; defined; security

Undoubtedly, businesses and financial institutions are constantly under security threats, which not only costs billions of dollars in damage and recovery, it also detrimentally affects their reputation. A botnet-assisted attack is a widely known threat to these organizations. According to the U.S. Federal Bureau of Investigation, Botnets have caused over $9 billion in losses to U.S. victims and over $110 billion in losses globally. Approximately 500 million computers are infected globally each year, translating into 18 victims per second. Thus, it is imperative to defend these organizations against botnet-assisted attacks. In this project, we aim to devise an adaptive and robust botnet detection and mitigation system that leverages machine learning (ML). We propose novel anomaly-based intrusion detection, employing both host- and network-based detection methods. Each method is strong in detecting some of the essential bot behaviors. Hence, our hybrid detection will leverage the strengths of the underlying methods to build an advanced detection system that bots cannot easily evade. The proposed system will adapt the ML models to network dynamics and adversarial activities, utilizing incremental and adversarial learning, respectively. Upon detection of an intrusion, the system will leverage software-defined networking (SDN) to dynamically adapt the monitoring and surveillance of the network, and instigate root cause analysis. The system will automatically generate mitigation workflows that will be enforced via SDN, to ensure integrity of network and its data. The proposed project will broaden the scope of botnet detection and mitigation, including protection against zero-day threats. Advances made in collaboration with the industry partner, Royal Bank of Canada (RBC), will have a lasting impact on the design principles and practices of cybersecurity for Canadian businesses and financial institutions.

毫无疑问，企业和金融机构不断受到安全威胁，这不仅要花费数十亿美元的损失和恢复，还会对他们的声誉造成不利影响。僵尸网络辅助攻击是对这些组织的一种众所周知的威胁。根据美国联邦调查局的数据，僵尸网络给美国受害者造成了超过90亿美元的损失，在全球范围内造成了超过1100亿美元的损失。全球每年约有5亿台计算机受到感染，相当于每秒18名受害者。因此，必须保护这些组织免受僵尸网络辅助攻击。