ColumbiaIDS

Projects

STAND proposes extending the training phase of anomaly detection (AD) sensors, in a manner agnostic to the underlying AD algorithm, to include a sanitization phase. This phase combines what we call micro-models in a voting scheme to determine which parts of the training data may represent attacks. We also show how a collaborative approach that combines models from different networks or domains can further refine the sanitization process.

The BBNAC project proposes a behavior-based access control for wireless and wired networks. A user is granted access to a network based on its profile or typical behavior over time. We are studying the feasibility of representing a user profile by its content or by other non-content volumetric parameters. Previous work studied how to implement this approach for Mobile Ad-Hoc Networks (MANETs).
 
Polymorphic malcode remains a troubling threat to the security community. The ability for malcode to be automatically transformed into semantically equivalent variants frustrates attempts to rapidly construct a single, simple, easily verifiable representation. We present a quantitative analysis of the strengths and limitations of shellcode polymorphism and consider its impact on current intrusion detection practice. We focus on the nature of shellcode decoding routines; the empirical evidence we gather helps show that modeling the class of self-modifying code is likely intractable by known methods, including both statistical constructs and string signatures.
   
 
RUU is the insider project, which explores solutions to traitors and masqueraders within an organization. The project includes host-side sensors and active trapping technology to detect malicious insiders.
   
 
The Secure Encrypted Search project aims to solve the following problems:

Privacy-enhanced search
  1. Searching an encrypted database without disclosing the contents of the query.
  2. Providing a querier access only to those parts of the database relevant to the query.

Document matching
  Enabling two agencies that each hold a collection of documents to determine the set of documents common to both collections, without exchanging the documents themselves.

Group Encrypted Bloom Filters are used to solve both of the above problems in an efficient manner.