Research Projects:
- Mitigating the Insider Threat using High Dimensional Search and Modeling.
This is a joint project with Telcordia Technologies and Carnegie Mellon University. The Buffalo team, consisting of myself and Prof. Hung Ngo, is developing a theory of insider threat representation and assessment. This is the first such work that systematically and specifically addresses insider threat. We have developed a modeling methodology that captures several aspects of insider threat, and we subsequently show threat assessment methodologies that reveal possible attack strategies of an insider.
- Graduate Students: R. Chinchani (graduated May 2005), S. Pramanik.
- Funding Agency: DARPA (2004-05)
- Real-Time Intrusion Detection with Emphasis on Insider Attacks.
Intrusion detection forms one facet of security measures to combat cyber threat. I have been working on a novel security system based on the encapsulation of a user's intent, which can be readily used as a concise reference for monitoring of intrusions. Moving away from the traditional method of detecting intrusions through low-level network and other resource audits to a much higher level yields a more complete semantic perspective of what the user wants to accomplish. By actively querying the user for his intent, one will be able to build a small and manageable set of assertions, so that the search space is more focused and the system is able to respond faster, make fewer mistakes and scale well. The science and engineering aspects of this research are rooted in 1) Martingale theory, 2) engineering methodologies for scalability, 3) reasoning for effective discrimination between legitimate users and intruders, and finally 4) implementation, testing and revisions.
- Graduate Students: R. Chinchani (graduated May 2005), A. Muthukrishnan (graduated June 2004), M. Chandrasekaran, A. Garg.
- Funding Agency: DARPA (2003-05), AFRL (2000-06)
- Event Correlation for Cyber Attack Recognition Systems.
In this project, I am working with a couple of colleagues from Industrial Engineering on the development of a demonstrable software-system prototype. The prototype will be capable of fusing performance and event data, coming from the various intrusion detection and network management subsystems typically used in information infrastructures, with data derived from textual, open sources. The goal is to give the security analyst a broad interpretation of what is going on in his system and what the motivation behind an attack might be. The fusion process involves adaptive logic that produces feedback information that can also be used to modulate the network and open-source sensors to increase their effectiveness. This research involves graph-theoretic approaches to threat assessment, fusion and sensor management.
- Graduate Students: S. Mathew and C. Shah (graduated Jan. 2005).
- Funding Agency: ARDA (2004-06), AFRL (2004-06)
- Protecting Documents from Insider Threat - A Multiphase Approach.
This project develops a comprehensive document control and management system through several innovative schemes for secure access, on-line monitoring and support for log-based forensics. The approach is unique in considering security throughout the life cycle of a document, viz., the pre-document access phase, the mid-document access phase and the post-document access phase. I am applying the concepts of user profiling, document profiling and role-based access control mechanisms to accomplish these goals. The expected outcomes of this research are: more accurate modeling and mitigation of insider threat (graph-based), protection against subversion/circumvention of the monitoring mechanism itself (structural knowledge) and post-attack trace-back for attack identification (forensics), as applicable to the realm of document control.
- Graduate Students: S. Pramanik, S. Vidyaraman, N. Shah (graduated June 2004).
- Funding Agency: ARDA (2003-05)
- Defect and Fault Modeling of RF Circuits.
A number of problems in the VLSI testing area are better addressed by empirical studies and simulation. Defect-based testing is now recognized as a very effective test approach for deep sub-micron integration technology due to its ability to focus on realistic faults. In this research, we look at front-end RF components and, with the help of layout-level analysis tools, conduct empirical analysis to model realistic failures. This research involves the defect analysis and fault model extensions of both active and passive circuit elements.
- Graduate Students: K. Sundararaman (graduated May 2004), R. Bhowmick (graduated June 2005), Srinivasan Gopalakrishnan.
- Funding Agency: SRC, Microelectronics Design Center, University of Rochester (2003-06)