Research

Patent

“Method and System for Detecting Cyber-attacks”, USPTO application # 61916983 (pending). Co-inventors: George Karabatis, Ahmed AlEroud.
Selected Funded Research Projects
Anonymization of network trace data [funded by MITRE Corp. FFRDC project]
PI: George Karabatis. Co-PI: Zhiyuan Chen
Sharing network trace data for identifying security attacks is a very sensitive issue for any organization: everyone prefers access to real (not synthetic) network trace datasets to test their research, but nobody wants to reveal internal information to the public. The purpose of this project is to design and test algorithms that anonymize (preserve the privacy of) network trace data, thus generating a dataset that can be used for security analysis (i.e., retaining the utility of the original dataset) and at the same time does not reveal sensitive information. The proposed algorithms have both strong privacy protection and high utility. The significance of this component is quite high, because an organization’s privacy is preserved while the dataset can be freely distributed to many organizations and institutions for testing purposes: a simple and practical solution to a big problem.
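The privacy/utility trade-off described above can be made concrete with prefix-preserving IP address anonymization, one standard technique for network trace anonymization. The example below is added here for illustration and is not the project's own algorithm or code: it anonymizes each address bit using a keyed pseudo-random function of the preceding original bits (the Crypto-PAn construction), so two addresses that share a k-bit prefix map to two anonymized addresses that share exactly a k-bit prefix. Subnet structure (utility for security analysis) survives, while the real addresses do not. The key, the sample flow records and the helper names are constructed assumptions.

```python
import hashlib
import hmac
import ipaddress
from typing import Dict, List


def _prf_bit(key: bytes, bit_index: int, prefix: int) -> int:
    """Keyed pseudo-random bit derived from the position and the original bits before it."""
    msg = bit_index.to_bytes(1, "big") + prefix.to_bytes(4, "big")
    return hmac.new(key, msg, hashlib.sha256).digest()[0] & 1


def anonymize_ipv4(addr: str, key: bytes) -> str:
    """Prefix-preserving anonymization: output bit i = original bit i XOR PRF(first i original bits).

    Because the mask for bit i depends only on bits 0..i-1 of the original address,
    addresses sharing a prefix of length k share exactly a prefix of length k afterwards.
    The XOR makes the mapping a bijection for a fixed key (no two addresses collide).
    """
    a = int(ipaddress.IPv4Address(addr))
    out = 0
    for i in range(32):
        prefix = a >> (32 - i)          # the first i original bits (0 when i == 0)
        orig_bit = (a >> (31 - i)) & 1  # the i-th original bit, most significant first
        out = (out << 1) | (orig_bit ^ _prf_bit(key, i, prefix))
    return str(ipaddress.IPv4Address(out))


def common_prefix_len(a: str, b: str) -> int:
    """Number of leading bits two IPv4 addresses have in common (32 if identical)."""
    x = int(ipaddress.IPv4Address(a)) ^ int(ipaddress.IPv4Address(b))
    return 32 - x.bit_length()


def anonymize_flows(flows: List[Dict], key: bytes) -> List[Dict]:
    """Anonymize the endpoint addresses of flow records; ports, bytes and timing are kept."""
    return [dict(f, src=anonymize_ipv4(f["src"], key), dst=anonymize_ipv4(f["dst"], key)) for f in flows]


def prefix_structure_preserved(originals: List[str], key: bytes) -> bool:
    """Utility check: every pairwise common-prefix length is identical before and after anonymization."""
    anon = [anonymize_ipv4(a, key) for a in originals]
    for i in range(len(originals)):
        for j in range(i + 1, len(originals)):
            if common_prefix_len(originals[i], originals[j]) != common_prefix_len(anon[i], anon[j]):
                return False
    return len(set(anon)) == len(set(originals))  # bijective on the sample: no collisions


# Constructed sample: a secret anonymization key and a few flow records (not real trace data).
DEMO_KEY = b"constructed-demo-key-do-not-reuse"
SAMPLE_FLOWS = [
    {"src": "10.1.2.3", "dst": "192.168.0.1", "dport": 443, "bytes": 5120},
    {"src": "10.1.2.77", "dst": "192.168.0.1", "dport": 443, "bytes": 800},
    {"src": "10.1.9.4", "dst": "192.168.0.1", "dport": 22, "bytes": 14000},
]

if __name__ == "__main__":
    for f in anonymize_flows(SAMPLE_FLOWS, DEMO_KEY):
        print(f)
    srcs = [f["src"] for f in SAMPLE_FLOWS]
    print("prefix structure preserved:", prefix_structure_preserved(srcs, DEMO_KEY))
```

The shared /24 of the first two sources and the shared /20 of all three are visible in the anonymized output, which is what a downstream analyst needs to reason about subnets, while nothing about the original addresses can be recovered without the key. Whether a given dataset also needs port or timing anonymization depends on the analysis it is meant to support.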
CRAFT: Contextually Revealing Attacks over Flows Tool [funded by TEDCO - State of MD]
PI: George Karabatis
Detecting cyber-attacks is a major concern for network managers and
security specialists. Identification and prevention of computer attacks
in an efficient and accurate manner by analyzing network flows is a
technology of the future that we are developing today with CRAFT. The
amount of network traffic (amount of network packets) allowed by modern
network technology is overwhelming and current intrusion-detection
systems find it increasingly difficult to cope with. An alternative
approach is to detect attack patterns by investigating network flows
(which carry aggregate information from packets). CRAFT is a promising
solution for the detection of attacks by analyzing network flows. The
novel aspect of CRAFT is the exploitation of contextual and semantic
information among flows. Armed with this contextual information CRAFT
can predict multi-step attacks better than any other system of its
kind. We have solid evidence from preliminary experiments demonstrating
the fitness of CRAFT in today’s market.
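To show what flow-based detection with cross-flow context looks like in practice, the following example is added here and is not CRAFT's code or algorithm. It aggregates constructed packet records into flows (a NetFlow-style 3-tuple with an inactive timeout), then correlates flows from the same source/destination pair over time to recognise a two-step pattern: a burst of single-packet probes against many ports, followed within a time window by a sustained data flow to one of the probed ports. The context linking the two steps is the shared endpoint pair and the time ordering; the thresholds, packet data and helper names are constructed assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List


@dataclass
class Packet:
    ts: float    # seconds since capture start
    src: str
    dst: str
    dport: int
    size: int    # bytes


@dataclass
class Flow:
    src: str
    dst: str
    dport: int
    first_ts: float
    last_ts: float
    packets: int = 0
    bytes: int = 0


def aggregate_flows(packets: List[Packet], idle_timeout: float = 30.0) -> List[Flow]:
    """Roll packets into flows keyed by (src, dst, dport); a gap longer than idle_timeout starts a new flow."""
    active: Dict[tuple, Flow] = {}
    finished: List[Flow] = []
    for p in sorted(packets, key=lambda p: p.ts):
        key = (p.src, p.dst, p.dport)
        f = active.get(key)
        if f is not None and p.ts - f.last_ts > idle_timeout:
            finished.append(active.pop(key))  # expire the idle flow, as a flow exporter would
            f = None
        if f is None:
            f = active[key] = Flow(p.src, p.dst, p.dport, p.ts, p.ts)
        f.last_ts = p.ts
        f.packets += 1
        f.bytes += p.size
    return finished + list(active.values())


def detect_probe_then_access(flows: List[Flow], min_probed_ports: int = 10,
                             window: float = 300.0, min_bytes: int = 5000) -> List[Dict]:
    """Correlate two steps over the same (src, dst) pair:
    step 1: at least min_probed_ports distinct ports touched by single-packet flows;
    step 2: within window seconds after the last probe, a multi-packet flow of at least
            min_bytes to one of the probed ports.
    Neither step alone is reported; the contextual link between them is what raises the alert.
    """
    by_pair: Dict[tuple, List[Flow]] = defaultdict(list)
    for f in flows:
        by_pair[(f.src, f.dst)].append(f)

    alerts: List[Dict] = []
    for (src, dst), fs in by_pair.items():
        probes = [f for f in fs if f.packets == 1]
        probed_ports = {f.dport for f in probes}
        if len(probed_ports) < min_probed_ports:
            continue
        probe_end = max(f.last_ts for f in probes)
        for f in fs:
            if (f.packets > 1 and f.bytes >= min_bytes and f.dport in probed_ports
                    and 0 <= f.first_ts - probe_end <= window):
                alerts.append({"src": src, "dst": dst, "port": f.dport,
                               "probed_ports": len(probed_ports), "bytes": f.bytes,
                               "delay_after_probes": f.first_ts - probe_end})
    return alerts


# Constructed packet records (documentation address ranges, not a real capture).
SAMPLE_PACKETS: List[Packet] = (
    # step 1: one packet to each of ports 20..31 on 10.0.0.8, one second apart
    [Packet(float(i), "203.0.113.5", "10.0.0.8", 20 + i, 60) for i in range(12)]
    # step 2: a sustained flow to one of the probed ports 49 seconds after the last probe
    + [Packet(60.0 + i, "203.0.113.5", "10.0.0.8", 22, 1500) for i in range(8)]
    # benign traffic: an internal client talking to the same host on 443
    + [Packet(5.0 + i, "10.0.0.20", "10.0.0.8", 443, 1000) for i in range(6)]
)

if __name__ == "__main__":
    flows = aggregate_flows(SAMPLE_PACKETS)
    print(f"{len(flows)} flows from {len(SAMPLE_PACKETS)} packets")
    for alert in detect_probe_then_access(flows):
        print("multi-step alert:", alert)
```

The idle timeout matters: without it, the single probe packet to port 22 and the later data flow to the same port would be merged into one record and the two-step structure would be lost, which is one reason flow exporter settings affect what a flow-based detector can see.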
Prediction, Measurement and Circumvention of Cyber Threats through Contextual Semantics [funded by Northrop-Grumman]
PI: George Karabatis
This project targets research problems of cyber threats, and aims to generate a prediction model which measures the impact of potential cyber-attacks on the current system using semantic attack graphs and exploiting contexts. It automatically generates contexts through information quality measures to increase the prediction accuracy of potential threats. It measures the quality of the current system prototype through calibration and experimentation with additional data sets, and tests different similarity measures. We generate a prediction model to accurately measure the impact of potential threats using semantic attack graphs, an enhanced version of attack graphs. These graphs contain additional information about the various contexts and relationships generated by the semantic networks to increase the prediction accuracy. We also investigate to what extent 0-day attacks can be revealed within this prediction model.
Using Context and Semantic Networks to support Software Engineers [funded by NSF]
PI: George Karabatis; Co-PI: Zhiyuan Chen
This project examines and proposes solutions to the problem of searching for relevant information that software engineers need in a timely fashion in response to a change request. It investigates how the combined use of self-evolving semantic networks and context information can provide additional relevant information in response to a search that is custom-made for the user’s specific needs, decreasing the time to locate historical design information highly relevant to a proposed change request. It investigates methods to (semi)automatically create and maintain semantic networks. It examines how context affects and enhances the information being sought, and it evaluates the methods through experimentation.