Event Correlation for Cyber Attack Recognition Systems (S. Upadhyaya, CSE Dept., J. Llinas, IE Dept., M. Sudit, IE Dept.)

In this project we are working with colleagues from Industrial Engineering to develop a demonstrable software-system prototype. The prototype fuses performance and event data from the intrusion detection and network management subsystems typically found in information infrastructures with data derived from textual, open sources, giving the security analyst a broad interpretation of what is going on in his system and of the possible motivation behind an attack. The fusion process uses adaptive logic whose feedback can also be used to modulate the network and open-source sensors to increase their effectiveness. The research draws on graph-theoretic approaches to threat assessment, fusion and sensor management.

Protecting Documents from Insider Threat – A Multiphase Approach (S. Upadhyaya, CSE Dept.)

This project develops a comprehensive document control and management system through several innovative schemes for secure access, on-line monitoring and support for log-based forensics. What distinguishes the approach is that security is considered throughout the life cycle of a document, viz. the pre-access, access and post-access phases. We apply user profiling, document profiling and role-based access control mechanisms to accomplish these goals. The expected outcomes of this research are: more accurate modeling and mitigation of insider threat (graph-based), protection against subversion or circumvention of the monitoring mechanism itself (structural knowledge), and post-attack trace-back for attack identification (forensics), as applicable to the realm of document control.

Real-Time Intrusion Detection with Emphasis on Insider Attacks (S. Upadhyaya, CSE Dept.)

Intrusion detection forms one facet of the security measures used to combat cyber threats. We have been working on a novel security system based on the encapsulation of the user's intent, which can then serve as a concise reference for monitoring for intrusions. Moving away from the traditional method of detecting intrusions through low-level network and resource audits to a much higher level yields a more complete semantic picture of what the user wants to accomplish. By actively querying the user for his intent, one can build a small and manageable set of assertions, so that the search space is more focused and the system can respond faster, make fewer mistakes and scale well. The science and engineering aspects of this research are rooted in:
1) martingale theory,
2) engineering methodologies for scalability,
3) reasoning for effective discrimination between legitimate users and intruders,
and finally
4) implementation, testing and revisions.
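As an added illustration of the monitoring idea (this is example code, not the project's system, and it does not attempt the martingale-based reasoning listed above): a constructed task catalogue stands in for the query to the user, the user's answer is turned into a small set of assertions (expected programs, expected path prefixes, an activity bound), and a constructed key=value audit trail is checked only against those assertions.

```python
"""Intent-based intrusion monitoring (illustrative, not the project's code).

The user is asked what task they are about to perform; the answer is mapped
to a small set of assertions.  Audit events are then checked only against
those assertions instead of against a large generic signature/anomaly model.
"""
from dataclasses import dataclass

# Constructed task catalogue: what the monitor "asks" the user to pick from.
TASK_CATALOG = {
    "edit-report": {
        "programs": {"vim", "pdflatex", "bibtex"},
        "path_prefixes": ("/home/{user}/report/", "/usr/share/texmf/"),
        "max_events": 50,
    },
    "build-software": {
        "programs": {"gcc", "make", "ld"},
        "path_prefixes": ("/home/{user}/src/", "/usr/include/", "/usr/lib/"),
        "max_events": 5000,
    },
}

@dataclass(frozen=True)
class Intent:
    user: str
    programs: frozenset
    path_prefixes: tuple
    max_events: int

@dataclass(frozen=True)
class AuditEvent:
    user: str
    program: str
    path: str

def declare_intent(user, task):
    """Turn the user's answer to 'what are you about to do?' into assertions."""
    spec = TASK_CATALOG[task]
    return Intent(
        user=user,
        programs=frozenset(spec["programs"]),
        path_prefixes=tuple(p.format(user=user) for p in spec["path_prefixes"]),
        max_events=spec["max_events"],
    )

def parse_event(line):
    """Parse one constructed 'key=value' audit line."""
    fields = dict(tok.split("=", 1) for tok in line.split())
    return AuditEvent(fields["user"], fields["prog"], fields["path"])

def check_event(intent, ev):
    """Return the assertions this single event violates (empty if none)."""
    violations = []
    if ev.program not in intent.programs:
        violations.append(f"program {ev.program} not part of declared task")
    if not any(ev.path.startswith(p) for p in intent.path_prefixes):
        violations.append(f"path {ev.path} outside declared task")
    return violations

def monitor(intent, lines):
    """Check every audit line for intent.user; returns (line, reason) alerts."""
    alerts = []
    seen = 0
    for line in lines:
        ev = parse_event(line)
        if ev.user != intent.user:
            continue                      # other users carry their own intents
        seen += 1
        for reason in check_event(intent, ev):
            alerts.append((line, reason))
        if seen == intent.max_events + 1:
            alerts.append((line, "activity exceeds declared task size"))
    return alerts

# Constructed audit trail; the fourth line is the one that should be flagged.
SAMPLE_AUDIT = [
    "user=alice prog=vim path=/home/alice/report/draft.tex",
    "user=alice prog=pdflatex path=/home/alice/report/draft.tex",
    "user=bob prog=vim path=/home/bob/notes.txt",
    "user=alice prog=scp path=/etc/shadow",
    "user=alice prog=vim path=/home/alice/report/draft.pdf",
]
ALICE_INTENT = declare_intent("alice", "edit-report")

if __name__ == "__main__":
    for line, reason in monitor(ALICE_INTENT, SAMPLE_AUDIT):
        print(f"ALERT: {reason}  <- {line}")
```

The point to notice is the size of the reference: three programs, two path prefixes and one bound, derived from a single answer, are all the monitor has to compare each event against, which is what makes the search space small and the decision fast.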

Architecture Model for a Generic and Secure Wireless LAN System (S. Upadhyaya, CSE Dept.)

Existing WLAN security schemes are few and product specific. While there are some schemes for dealing with problems of information integrity, there are hardly any standard solutions for security problems relating to quality of service and network health maintenance in wireless networks. In the absence of strong standards, the existing approach to general WLAN security is vendor specific: different manufacturers provide their own set of security features for their products. In this research we propose an architecture model for secure WLANs that is generic in its design, so that it can easily be incorporated into existing systems, and low cost, hence feasible and easy to implement. We propose a framework to deal with intrusion detection, malicious behavior detection, maintaining QoS and network health, and admission control. The model presents a unique solution for dealing with denial-of-service attacks on access points. A unique behavior monitoring scheme has been developed and tested by us, which validates the model.

Unintended Information Retrieval (R. Srihari, CSE Dept.)

The problem of unintended information revelation (UIR) is a special case of text mining where the documents represent some pre-selected subset of interest to a user, generated through purposeful querying or surfing. The goal is to quantify the information revealed by this subset, and detect significant chains of concepts and associations. This project will impact several applications, most notably homeland defense applications. The UIR toolkit will expose sensitive information available on unclassified websites. It can also be used to ascertain that information is benign, or safe to disseminate. Applications in discovery from scientific documents are also enabled.

Dimensions of Web Assurance in B2C E-Commerce: A Comparative Study (H. Raghav Rao, MSS Dept.)

The goal of this project is to analyze the extent to which assurance services have been implemented by selected Fortune 1000 B2C firms, and to identify any pattern that may exist between company characteristics (industry type, size and reputation) and assurance service dimensions (security, privacy and business integrity). The study has a two-fold contribution. We believe it is among the first to (a) investigate the extent of implementation of third-party assurance services on B2C e-commerce company websites and (b) determine whether there are patterns in the extent of implementation of assurance services among selected Fortune 1000 B2C companies in the following four sectors: computers and office equipment, general merchandisers, specialty retailers, and apparel.

Intrusion Countermeasures Security Model Based on Prioritization Scheme for Intranet Access (H.R. Rao, MSS Dept. and S. Upadhyaya, CSE Dept.)

The focus of this joint research with a colleague from the School of Management is the security of corporate intranets. Using role-based access control as a base, we develop a framework for the interaction of the various entities in the model. Alerts are a critical element of real-time response, but how the alert engine operates and filters the large volume of log data determines the effectiveness of such an infrastructure. Our work incorporates priority schemes into the alert mechanism to produce a more effective intrusion countermeasure against misuse and attack. It leverages the enterprise's existing investment in security technology to produce an optimized response to those attacks by advising the enterprise's on-site administrators.
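An added example of the prioritization idea, not the project's model: the role grants, resource sensitivities, severity weights, scoring rule and key=value alert format are all constructed here. Each alert from the engine is scored from the sensor severity, the sensitivity of the intranet resource and whether the acting role actually holds a grant on that resource; low scores are filtered, and the rest are ranked and paired with advice for the administrator.

```python
"""Priority-based alert triage for an intranet, keyed on role-based access
control (illustrative, not the project's model).
"""

# Constructed RBAC policy: role -> resources that role is allowed to access.
RBAC = {
    "engineer": {"wiki", "source-repo"},
    "hr": {"wiki", "payroll-db"},
    "contractor": {"wiki"},
}
# Constructed sensitivity of intranet resources and weights of sensor severities.
SENSITIVITY = {"wiki": 1, "source-repo": 3, "payroll-db": 5}
SEVERITY = {"info": 1, "warning": 2, "critical": 4}
OUTSIDE_ROLE_FACTOR = 3   # multiplier when the role has no grant on the resource

def parse_alert(line):
    """Parse a constructed 'key=value' alert line from the alert engine."""
    return dict(tok.split("=", 1) for tok in line.split())

def outside_role(alert):
    """True when the RBAC policy gives this role no grant on the resource."""
    return alert["res"] not in RBAC.get(alert["role"], set())

def priority(alert):
    """Score = severity weight * resource sensitivity, tripled if outside role."""
    score = SEVERITY[alert["sev"]] * SENSITIVITY.get(alert["res"], 1)
    if outside_role(alert):
        score *= OUTSIDE_ROLE_FACTOR
    return score

def advice(alert):
    """What to tell the on-site administrator, based on why the alert scored high."""
    user, res, role = alert["user"], alert["res"], alert["role"]
    if outside_role(alert):
        return f"role '{role}' has no grant on {res}: suspend {user}'s session and review"
    if alert["sev"] == "critical":
        return f"permitted access but critical sensor event: verify {user}'s activity on {res}"
    return f"permitted access to a sensitive resource: log {user}'s activity for audit"

def triage(lines, threshold=6):
    """Return (escalated, dropped): escalated is a list of (priority, advice,
    line) sorted highest first; dropped counts alerts filtered out."""
    escalated, dropped = [], 0
    for line in lines:
        alert = parse_alert(line)
        p = priority(alert)
        if p < threshold:
            dropped += 1
            continue
        escalated.append((p, advice(alert), line))
    escalated.sort(key=lambda t: t[0], reverse=True)
    return escalated, dropped

# Constructed alert stream: a mix of routine, within-role and outside-role events.
SAMPLE_ALERTS = [
    "user=alice role=engineer res=wiki sev=info",
    "user=carol role=contractor res=source-repo sev=warning",
    "user=dave role=hr res=payroll-db sev=warning",
    "user=erin role=engineer res=source-repo sev=info",
    "user=frank role=contractor res=payroll-db sev=critical",
    "user=alice role=engineer res=wiki sev=critical",
]

if __name__ == "__main__":
    kept, dropped = triage(SAMPLE_ALERTS)
    for p, adv, line in kept:
        print(f"[{p:3d}] {adv}  <- {line}")
    print(f"{dropped} low-priority alerts filtered")
```

On the constructed stream a critical event on the wiki by a permitted engineer is filtered, while a mere warning from a contractor touching the source repository is escalated, because the RBAC grant, not the sensor severity alone, decides what the administrator sees first.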


Information Assurance Scholarship Program and Capacity Building in Computer Security (S. Upadhyaya, CSE Dept. and H.R. Rao, MSS Dept.)

This grant covers a total of four IA scholarships (two in 2002-03 and two additional ones in 2003-04). The capacity building part in 2002-04 includes the development of a new course, a laboratory and a Certificate Program in IA and the capacity building in 2003-04 includes the development of a new course in Wireless Network Security and planning for a Wireless Security Laboratory. The Certificate Program is expected to be available in Fall 2004 and is briefly described in the following.


