CIS held the first research seminar in Fall 2018
Dr. Birhanu Eshete, Assistant Professor of Computer and Information Science, gave the first CIS seminar in Fall 2018 on his new research results in cybersecurity, which will be presented at the 40th IEEE Security and Privacy Symposium (S&P), 2019.
Over the last decade, cyber-attacks have evolved from isolated malware infection incidents to highly advanced, stealthy, and organized campaigns called Advanced and Persistent Threats (APTs). Despite their effort to stay under the radar, APTs often leave footprints and tend to follow a correlated sequence of steps to realize their malicious intent. Given a set of monitored enterprise hosts, one challenge is how to reliably detect if an APT is unfolding. A related challenge is, in the face of predominantly benign system events, how to precisely correlate attack signals towards an attack story that narrates what went wrong.
In this seminar, Dr. Eshete presented his latest work on detecting APTs by leveraging information flow correlation among system entities. He first discussed the details of how to effectively leverage the correlation between suspicious information flows that arise during an APT campaign. He then discussed how their system generates a high-level attack scenario graph that summarizes the attacker’s actions in real time. This graph can be used by an analyst for an effective cyber response. Using datasets of adversarial engagements conducted by a dedicated red team, they can evaluate the effectiveness and efficiency of their system against real-world APTs.