Forum for Science, Industry and Business

Sponsored by:     3M 
Search our Site:

 

To Detect Cyberattacks, New Software System Developed at UB Profiles ’Normal’ Computer Habits

11.10.2002


An early version of a new software system developed by University at Buffalo researchers that detects cyberattacks while they are in progress by drawing highly personalized profiles of users has proven successful 94 percent of the time in simulated attacks.



The "user-level anomaly detection system" was described here today (Oct. 10, 2002) at the military communications conference known as MILCOM 2002.

"We have developed a new paradigm, proactively encapsulating user intent where you basically generate a profile for every single user in the system where security is a major concern," said Shambhu Upadhyaya, Ph.D., associate professor of computer science and engineering at UB and co-author of the paper.


In addition to the paper presentation, MILCOM invited Upadhyaya to give a half-day tutorial on the new intrusion detection system at the meeting.

Upadhyaya directs UB’s Center of Excellence in Information Systems Assurance Research and Education, one of 36 in the U.S. chosen by the National Security Agency to develop new programs to conduct research and train students to protect the nation’s information technology systems from cyberterrorism.

The new UB intrusion detection system is being developed for application in highly secure facilities, such as those in the military.

"Existing approaches look at a past record of computer activity because those systems produce audits of activity for every user," he explained. "Our methodology is a marriage of two known techniques: misuse and anomaly detection. We use an assertion/rule-based approach to precisely capture the initial bracket of activity and then fine-tune this profile to reflect ongoing activity, making highly personalized and accurate profiles possible.

"Also, since users are being constantly monitored, this system can detect intrusions or attacks on-the-fly."

The UB system generates a user profile according to data about standard operations and commands that each user follows to carry out specific tasks.

The system is designed to detect significant deviations from procedures followed by normal users.

While some commercially available computer security packages already feature user-profiling, Upadhyaya noted that they are based on "low-level" methods -- meaning they seek out deviations on the basis of huge amounts of data, so they end up creating many false alarms.

"User modeling is computationally hard," said Upadhyaya. "Since many of these existing systems treat this problem purely statistically, any deviation from the norm is signaled as an anomaly, but it is often the case that an intrusion has not occurred.

"It’s a nuisance because an alarm can go off as often as every five minutes," he said.

By contrast, the system he developed with co-authors Rankumar Chinchani, a doctoral candidate in the UB Department of Computer Science and Engineering, and Kevin Kwiat of the Air Force Research Laboratory in Rome, N.Y., is based on the idea that the computation habits of normal users generally are well-defined and that he or she will work within those bounds.

"The normal behavior of computer users has been very well characterized," said Upadhyaya. "Normal users stick within well-defined parameters. Intruders or hackers, on the other hand, will not be able to carry out their intended operations within such well-defined parameters, and so will make the scope of his or her activities overly permissive," said Upadhyaya. "Our system is based on detecting that kind of behavior."

The key to the UB system’s success and its "scalable" feature is that its monitoring system operates at a high level, examining commands that users execute to perform certain operations. This is in contrast to the low-level monitoring that many existing packages perform, which examine commands as basic as the ones and zeroes of which email messages are composed.

"Our system is looking for a sequence of operations that falls within certain ’normal’ parameters," he explained.

"For example, if you want to make a document, you do certain things in a certain order, you create the document, you use a word processing program, you may run Spellcheck. Our system knows what to look for in the normal sequence that is necessary to accomplish this job. Any deviations from that are assumed to be potential cyberattacks."

The work was funded by the Air Force Research Laboratory in Rome, N.Y.

Ellen Goldbaum | EurekAlert!
Further information:
http://www.buffalo.edu/

More articles from Information Technology:

nachricht Fraunhofer FIT announces CloudTeams collaborative software development platform – join it for free
10.01.2017 | Fraunhofer-Institut für Angewandte Informationstechnik FIT

nachricht Electron-photon small-talk could have big impact on quantum computing
23.12.2016 | Princeton University

All articles from Information Technology >>>

The most recent press releases about innovation >>>

Die letzten 5 Focus-News des innovations-reports im Überblick:

Im Focus: Designing Architecture with Solar Building Envelopes

Among the general public, solar thermal energy is currently associated with dark blue, rectangular collectors on building roofs. Technologies are needed for aesthetically high quality architecture which offer the architect more room for manoeuvre when it comes to low- and plus-energy buildings. With the “ArKol” project, researchers at Fraunhofer ISE together with partners are currently developing two façade collectors for solar thermal energy generation, which permit a high degree of design flexibility: a strip collector for opaque façade sections and a solar thermal blind for transparent sections. The current state of the two developments will be presented at the BAU 2017 trade fair.

As part of the “ArKol – development of architecturally highly integrated façade collectors with heat pipes” project, Fraunhofer ISE together with its partners...

Im Focus: How to inflate a hardened concrete shell with a weight of 80 t

At TU Wien, an alternative for resource intensive formwork for the construction of concrete domes was developed. It is now used in a test dome for the Austrian Federal Railways Infrastructure (ÖBB Infrastruktur).

Concrete shells are efficient structures, but not very resource efficient. The formwork for the construction of concrete domes alone requires a high amount of...

Im Focus: Bacterial Pac Man molecule snaps at sugar

Many pathogens use certain sugar compounds from their host to help conceal themselves against the immune system. Scientists at the University of Bonn have now, in cooperation with researchers at the University of York in the United Kingdom, analyzed the dynamics of a bacterial molecule that is involved in this process. They demonstrate that the protein grabs onto the sugar molecule with a Pac Man-like chewing motion and holds it until it can be used. Their results could help design therapeutics that could make the protein poorer at grabbing and holding and hence compromise the pathogen in the host. The study has now been published in “Biophysical Journal”.

The cells of the mouth, nose and intestinal mucosa produce large quantities of a chemical called sialic acid. Many bacteria possess a special transport system...

Im Focus: Newly proposed reference datasets improve weather satellite data quality

UMD, NOAA collaboration demonstrates suitability of in-orbit datasets for weather satellite calibration

"Traffic and weather, together on the hour!" blasts your local radio station, while your smartphone knows the weather halfway across the world. A network of...

Im Focus: Repairing defects in fiber-reinforced plastics more efficiently

Fiber-reinforced plastics (FRP) are frequently used in the aeronautic and automobile industry. However, the repair of workpieces made of these composite materials is often less profitable than exchanging the part. In order to increase the lifetime of FRP parts and to make them more eco-efficient, the Laser Zentrum Hannover e.V. (LZH) and the Apodius GmbH want to combine a new measuring device for fiber layer orientation with an innovative laser-based repair process.

Defects in FRP pieces may be production or operation-related. Whether or not repair is cost-effective depends on the geometry of the defective area, the tools...

All Focus news of the innovation-report >>>

Anzeige

Anzeige

Event News

12V, 48V, high-voltage – trends in E/E automotive architecture

10.01.2017 | Event News

2nd Conference on Non-Textual Information on 10 and 11 May 2017 in Hannover

09.01.2017 | Event News

Nothing will happen without batteries making it happen!

05.01.2017 | Event News

 
Latest News

Solar Collectors from Ultra-High Performance Concrete Combine Energy Efficiency and Aesthetics

16.01.2017 | Trade Fair News

3D scans for the automotive industry

16.01.2017 | Automotive Engineering

Nanoparticle Exposure Can Awaken Dormant Viruses in the Lungs

16.01.2017 | Life Sciences

VideoLinks
B2B-VideoLinks
More VideoLinks >>>