Systematization of Knowledge from Intrusion Detection Models - July 2016

Public Audience
Purpose: To highlight project progress. Information is generally at a higher level which is accessible to the interested public. All information contained in the report (regions 1-3) is a Government Deliverable/CDRL.

PI(s): Huaiyu Dai, Andy Meneely
Researchers: Xiaofan He, Yufan Huang, Richeng Jin, Nuthan Munaiah, Kevin Campusano Gonzalez

HARD PROBLEM(S) ADDRESSED

  • Security Metrics and Models - The project aims to establish common criteria for evaluating and systematizing knowledge contributed by research on intrusion detection models.
  • Resilient Architectures - Robust intrusion detection models serve to make large systems more resilient to attack.
  • Scalability and Composability - Intrusion detection models deal with large data sets every day, so scale is always a significant concern.
  • Humans - A key aspect of intrusion detection is interpreting the output and acting upon it, which inherently involves humans. Furthermore, intrusion detection models are ultimately simulations of human behavior.


PUBLICATIONS
Report papers written as a result of this research. If accepted by or submitted to a journal, which journal. If presented at a conference, which conference.

  • N/A


ACCOMPLISHMENT HIGHLIGHTS

  • We initiated a study on achieving privacy-aware collaborative security decision making, which is expected to benefit a group of interdependent but self-interested defenders such as intrusion detection systems. In our initial study, a group of privacy-aware defenders conduct collaborative security investment. The optimal amount of security investment depends on the privacy state of the defenders, while each defender reveals only an obfuscated version of its private state information due to privacy concerns. We found that by carefully controlling the level of obfuscation, a tradeoff between security utility and privacy can be achieved. Interestingly, we also observed that privacy and security can be enhanced simultaneously in some special cases.

  • We also conducted an initial study on metrics for measuring different notions of privacy, including information-theoretic privacy and differential privacy.
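The two highlights above describe an obfuscation-controlled tradeoff between security utility and privacy, and the two families of privacy metric (information-theoretic and differential privacy) used to measure it. The following is an added example, not the project's own model or code, that makes both concrete on a deliberately simple stand-in: each defender holds a private binary state (assumed here to mean "high exposure"), reports it through randomized response with a tunable keep probability `p_keep`, and the group's investment decision is assumed to depend only on the number of high-exposure defenders, estimated from the obfuscated reports. Privacy is scored as the channel's differential-privacy epsilon and as the mutual information I(X;Y) in bits; utility is scored as the standard error of that count estimate. All names, the randomized-response channel, the uniform prior and the count-based utility proxy are assumptions for illustration.

```python
import math

# Added illustration (not the project's model): each defender holds a private
# binary state X (1 = "high exposure", an assumed meaning), reports an
# obfuscated bit Y via randomized response, and the group's collective
# investment decision is assumed to depend only on the number of
# high-exposure defenders, which must be estimated from the reports.


def randomized_response_channel(p_keep):
    """Obfuscation channel: report the true bit with probability p_keep,
    the flipped bit otherwise. channel[x][y] = P(Y=y | X=x)."""
    if not 0.5 <= p_keep <= 1.0:
        raise ValueError("p_keep must lie in [0.5, 1]; 0.5 is full obfuscation")
    return [[p_keep, 1.0 - p_keep], [1.0 - p_keep, p_keep]]


def dp_epsilon(channel):
    """Differential-privacy metric: the smallest epsilon such that
    P(Y=y|X=x1) <= exp(epsilon) * P(Y=y|X=x2) for all x1, x2, y."""
    eps = 0.0
    for y in range(2):
        for x1 in range(2):
            for x2 in range(2):
                a, b = channel[x1][y], channel[x2][y]
                if a > 0 and b == 0:
                    return math.inf   # some output reveals X with certainty
                if a > 0 and b > 0:
                    eps = max(eps, math.log(a / b))
    return eps


def mutual_information(prior, channel):
    """Information-theoretic metric: I(X;Y) in bits, how much an observer of
    the report Y learns about the private state X drawn from `prior`."""
    py = [sum(prior[x] * channel[x][y] for x in range(2)) for y in range(2)]
    mi = 0.0
    for x in range(2):
        for y in range(2):
            pxy = prior[x] * channel[x][y]
            if pxy > 0:
                mi += pxy * math.log2(pxy / (prior[x] * py[y]))
    return mi


def count_estimate_std_error(n_defenders, p_keep):
    """Security-utility proxy: standard error of the unbiased estimate of the
    number of high-exposure defenders recovered from n obfuscated reports,
    count_hat = (sum(Y) - n*(1-p)) / (2p - 1). Infinite at p = 0.5, where the
    reports carry no information and no investment decision can be grounded."""
    if p_keep == 0.5:
        return math.inf
    var_y = p_keep * (1.0 - p_keep)   # Var(Y) is the same whether X=0 or X=1
    return math.sqrt(n_defenders * var_y) / (2.0 * p_keep - 1.0)


def tradeoff_table(n_defenders, prior, p_values):
    """One row per obfuscation level: a lower p_keep buys privacy (smaller
    epsilon and I(X;Y)) at the cost of utility (larger estimation error)."""
    rows = []
    for p in p_values:
        ch = randomized_response_channel(p)
        rows.append({
            "p_keep": p,
            "epsilon": dp_epsilon(ch),
            "mutual_info_bits": mutual_information(prior, ch),
            "count_std_error": count_estimate_std_error(n_defenders, p),
        })
    return rows


if __name__ == "__main__":
    # Constructed scenario: 10 defenders, uniform prior on the private state.
    for row in tradeoff_table(10, [0.5, 0.5], [1.0, 0.95, 0.9, 0.75, 0.6, 0.5]):
        print("p_keep={p_keep:.2f}  eps={epsilon:.3f}  I(X;Y)={mutual_info_bits:.3f} bits  "
              "count std err={count_std_error:.3f}".format(**row))
```

Running the block prints one row per obfuscation level: at `p_keep = 1.0` the channel gives infinite epsilon and a full bit of leakage with zero estimation error, and at `p_keep = 0.5` both privacy metrics reach zero while the estimation error becomes infinite. The rows in between are the tradeoff curve the first highlight refers to; the special cases in which privacy and security improve together are outside this simple stand-in, which only models the general tradeoff.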