Research

Patent


"Method and System for Detecting Cyber-attacks", USPTO # 61916983 (pending). Co-inventors: George Karabatis, Ahmed AlEroud




Selected Funded Research Projects

Anonymization of network trace data [funded by MITRE Corp. FFRDC project]  PI: George Karabatis. Co-PI: Zhiyuan Chen
Sharing network trace data for identifying security attacks is a sensitive issue for any organization: everyone prefers real (not synthetic) network trace datasets to evaluate their research, but nobody wants to reveal internal information to the public. The purpose of this project is to design and test algorithms that anonymize network trace data, i.e., preserve the privacy of the organization that collected it, producing a dataset that can still be used for security analysis (retaining the utility of the original dataset) while not revealing sensitive information. The proposed algorithms combine strong privacy protection with high utility. The significance of this work is that an organization's privacy is preserved while the dataset can be freely distributed to other organizations and institutions for testing purposes: a simple and practical solution to a big problem.
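
One standard building block for this kind of anonymization, added here as an illustration (it is not the project's own algorithms): keyed, prefix-preserving pseudonymization of IPv4 addresses, in the spirit of Crypto-PAn. Two addresses that share their first k bits keep sharing exactly k bits after anonymization, so subnet structure (the utility an analyst needs) survives while the real addresses do not. The key, the record fields and the sample flow records are constructed for the example.

```python
"""Prefix-preserving, keyed pseudonymization of IPv4 addresses in flow records.

Added illustration of one standard trace-anonymization building block (in the
spirit of Crypto-PAn); it is NOT the algorithms developed in the project above.
The key, the record fields and the sample flows are constructed for this example.
"""
import hashlib
import hmac
import ipaddress

# Constructed demo key. A real release would use a fresh random key per dataset,
# kept secret by the publishing organization.
KEY = b"demo-key-for-illustration-only"


def _flip_bit(key: bytes, prefix: str) -> int:
    """Keyed pseudorandom bit that depends only on the address bits seen so far.

    Because it depends on the prefix alone, two addresses that agree on their
    first k bits are flipped identically in those k positions, so common-prefix
    lengths (subnet structure) are preserved exactly.
    """
    digest = hmac.new(key, prefix.encode("ascii"), hashlib.sha256).digest()
    return digest[0] & 1


def anonymize_ipv4(addr: str, key: bytes = KEY) -> str:
    """Map an IPv4 address to a pseudonym, preserving common-prefix lengths."""
    bits = format(int(ipaddress.IPv4Address(addr)), "032b")
    out = "".join(str(int(b) ^ _flip_bit(key, bits[:i])) for i, b in enumerate(bits))
    return str(ipaddress.IPv4Address(int(out, 2)))


def common_prefix_len(a: str, b: str) -> int:
    """Number of leading bits two IPv4 addresses share (32 if identical)."""
    x = int(ipaddress.IPv4Address(a)) ^ int(ipaddress.IPv4Address(b))
    return 32 - x.bit_length()


def anonymize_flow(rec: dict, key: bytes = KEY) -> dict:
    """Produce a shareable copy of a flow record.

    Addresses are pseudonymized, payload is dropped, ephemeral source ports are
    zeroed (their range can hint at the host's OS and adds little for analysis),
    while protocol, service port, packet/byte counts and duration are kept
    because attack-detection research depends on them.
    """
    return {
        "src": anonymize_ipv4(rec["src"], key),
        "dst": anonymize_ipv4(rec["dst"], key),
        "sport": rec["sport"] if rec["sport"] < 1024 else 0,
        "dport": rec["dport"],
        "proto": rec["proto"],
        "packets": rec["packets"],
        "bytes": rec["bytes"],
        "duration": rec["duration"],
    }


# Constructed sample flows (not real trace data): two hosts in 10.1.2.0/24
# talk to the same external server.
SAMPLE_FLOWS = [
    {"src": "10.1.2.3", "dst": "192.0.2.10", "sport": 51234, "dport": 443, "proto": 6,
     "packets": 12, "bytes": 5120, "duration": 0.8, "payload": "GET /internal/report"},
    {"src": "10.1.2.9", "dst": "192.0.2.10", "sport": 51240, "dport": 443, "proto": 6,
     "packets": 3, "bytes": 180, "duration": 0.1, "payload": "GET /"},
]


def anonymize_dataset(flows, key: bytes = KEY):
    """Anonymize every record of a trace with the same key so that the
    relationships between records (same server, same subnet) stay consistent."""
    return [anonymize_flow(f, key) for f in flows]


if __name__ == "__main__":
    for orig, anon in zip(SAMPLE_FLOWS, anonymize_dataset(SAMPLE_FLOWS)):
        print(orig["src"], "->", anon["src"], "|", orig["dst"], "->", anon["dst"])
```

Two caveats a practitioner should keep in mind: the mapping is deterministic, so a recipient who knows that a popular public server appears in the trace can match it by traffic volume or port and start peeling the prefix tree from there, and the key must never be released with the data. Pseudonymizing addresses is therefore one component of a trace-anonymization scheme, not a privacy guarantee on its own.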

CRAFT: Contextually Revealing Attacks over Flows Tool  [funded by TEDCO - State of MD] PI: George Karabatis
Detecting cyber-attacks is a major concern for network managers and security specialists. CRAFT aims at efficient and accurate identification and prevention of computer attacks by analyzing network flows. The volume of traffic (the number of packets) carried by modern networks is overwhelming, and current packet-based intrusion-detection systems find it increasingly difficult to keep up. An alternative is to detect attack patterns by investigating network flows, which carry aggregate information about the packets they summarize. CRAFT detects attacks by analyzing such flows; its novel aspect is the exploitation of contextual and semantic information among flows. Using this contextual information, CRAFT predicts multi-step attacks more accurately than comparable flow-based systems in our preliminary experiments, which also indicate that it is fit for practical deployment.
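
To make the two ideas above concrete, here is an added illustration (not CRAFT's code): it aggregates individual packets into flow records, showing what "aggregate information from packets" looks like, and then applies a rule that relates flows through a shared context (the same source/destination pair within a time window) to flag a two-step pattern, a port scan followed by a session, that no single flow reveals. The packets, thresholds and the rule itself are constructed for the example.

```python
"""Flow aggregation and a cross-flow, multi-step detection rule.

Added illustration, not CRAFT's code: it shows what "aggregate information from
packets" means in a flow record, and how relating flows through a shared context
(here the same source/destination pair within a time window) flags a two-step
pattern that no single flow reveals. Packets, thresholds and the rule are
constructed for the example.
"""
from collections import defaultdict
from typing import Dict, List, NamedTuple, Tuple


class Packet(NamedTuple):
    ts: float
    src: str
    dst: str
    sport: int
    dport: int
    proto: int
    size: int


FlowKey = Tuple[str, str, int, int, int]


def aggregate_flows(packets: List[Packet], timeout: float = 60.0) -> List[dict]:
    """Collapse packets sharing a 5-tuple into flow records (first/last seen,
    packet and byte counts). A gap longer than `timeout` starts a new flow."""
    flows: List[dict] = []
    active: Dict[FlowKey, dict] = {}
    for p in sorted(packets, key=lambda p: p.ts):
        key: FlowKey = (p.src, p.dst, p.sport, p.dport, p.proto)
        f = active.get(key)
        if f is None or p.ts - f["last"] > timeout:
            f = {"src": p.src, "dst": p.dst, "sport": p.sport, "dport": p.dport,
                 "proto": p.proto, "first": p.ts, "last": p.ts, "packets": 0, "bytes": 0}
            active[key] = f
            flows.append(f)
        f["last"] = p.ts
        f["packets"] += 1
        f["bytes"] += p.size
    return flows


def detect_scan_then_connect(flows: List[dict], min_ports: int = 5,
                             window: float = 300.0, min_session_bytes: int = 1000) -> List[dict]:
    """Step 1: many tiny flows from one source to distinct ports on one target
    (a port scan). Step 2: a substantial flow from the same source to the same
    target during or shortly after the scan (a follow-on session). Each flow
    alone looks harmless; the pair is the signal."""
    by_pair: Dict[Tuple[str, str], List[dict]] = defaultdict(list)
    for f in flows:
        by_pair[(f["src"], f["dst"])].append(f)

    alerts = []
    for (src, dst), group in by_pair.items():
        probes = [f for f in group if f["packets"] <= 2 and f["bytes"] < 200]
        probed_ports = {f["dport"] for f in probes}
        if len(probed_ports) < min_ports:
            continue
        scan_start = min(f["first"] for f in probes)
        scan_end = max(f["last"] for f in probes)
        for f in group:
            if f["bytes"] >= min_session_bytes and scan_start <= f["first"] <= scan_end + window:
                alerts.append({"src": src, "dst": dst, "probed_ports": sorted(probed_ports),
                               "session_port": f["dport"], "session_start": f["first"]})
    return alerts


def _probe(ts: float, port: int) -> Packet:
    # One 60-byte packet per port, each from its own source port: six separate flows.
    return Packet(ts, "10.0.0.5", "192.0.2.10", 40000 + port, port, 6, 60)


# Constructed packets: 10.0.0.5 probes six ports on 192.0.2.10 and then opens an
# SSH session; 10.0.0.7 is an ordinary HTTPS client of the same server.
SAMPLE_PACKETS: List[Packet] = (
    [_probe(float(i), port) for i, port in enumerate([21, 22, 23, 80, 443, 8080])]
    + [Packet(30.0 + i, "10.0.0.5", "192.0.2.10", 45000, 22, 6, 120) for i in range(20)]
    + [Packet(10.0 + i, "10.0.0.7", "192.0.2.10", 52000, 443, 6, 900) for i in range(5)]
)


def run_demo() -> List[dict]:
    """Aggregate the constructed packets and run the cross-flow rule over them."""
    return detect_scan_then_connect(aggregate_flows(SAMPLE_PACKETS))


if __name__ == "__main__":
    for alert in run_demo():
        print(alert)
```

The benign client 10.0.0.7 produces a large flow too, but with no probing stage behind it there is no alert; that is the point of correlating flows rather than scoring each one on its own. The thresholds here are arbitrary and the only "context" used is a shared address pair; the point of the passage above is that richer contextual and semantic relationships among flows allow more of such multi-step patterns to be recognized.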

Prediction, Measurement and Circumvention of Cyber Threats through Contextual Semantics [funded by Northrop-Grumman] PI: George Karabatis
This project targets research problems in cyber threats and aims to build a prediction model that measures the impact of potential cyber-attacks on the current system using semantic attack graphs and exploiting contexts. It automatically generates contexts through information-quality measures to increase the prediction accuracy for potential threats. It measures the quality of the current system prototype through calibration and experimentation with additional data sets, and tests different similarity measures. The prediction model measures the impact of potential threats using semantic attack graphs, an enhanced version of attack graphs that carry additional information about the various contexts and relationships generated by the semantic networks, which increases prediction accuracy. We also investigate to what extent zero-day attacks can be revealed within this prediction model.

Using Context and Semantic Networks to support Software Engineers [funded by NSF] PI: George Karabatis; Co-PI: Zhiyuan Chen
This project examines and proposes solutions to the problem of searching, in a timely fashion, for the relevant information that software engineers need in response to a change request. It investigates how the combined use of self-evolving semantic networks and context information can return additional relevant information, custom-made for the user's specific needs, decreasing the time needed to locate historical design information highly relevant to a proposed change request. It investigates methods to (semi-)automatically create and maintain semantic networks, examines how context affects and enhances the information being sought, and evaluates the methods through experimentation.