Digital Guards for Open System Security


Overview:

The objective of this contract is to investigate and develop advanced learning and reasoning technologies for security in open systems. The proposed work will formalize and develop a notion of reflective systems that are capable of reasoning about their level of security, identifying changes in their environment, and adapting to them. Key to developing this notion is the use of statistical learning methods to induce a private digital guard for digital (but also for physical or organizational) entities of interest. The main interest in the current phase will be in computing systems, although we envision that the methods developed can be applied to design digital guards for seminar rooms, workstations, nodes in a cluster, a cluster, a building, or a committee.

Details:

The proposed research on digital guards will make use of statistical learning and inference methods, which are capable of inducing regularities in data and using those regularities to make inferences (e.g., detect irregularities) about future (previously unobserved) data. These methods can be applied both to static and to sequential (temporal) data; they can be used to chunk the data into events with distinctive structural or statistical characteristics, to categorize it as belonging to one of several types, and to do so in a context-sensitive way (that is, to identify patterns or sequences that may be legitimate in a specific domain but are unlikely in a given context, where the context is defined either externally or with respect to other phenomena observed in the data).

The research in this project will allow us to develop the foundations of statistical learning methods for the domain of reliable and secure computation and communication, and to apply these methods to a broad range of problems in this domain, including: the characterization of user and computer behavior, both local and global (correlated) behaviors across systems; classification of user, computer, or network behaviors; detection of irregular activities and behaviors within or across systems; intrusion detection; and testing and assessing the security of existing systems and protocols. All of these will be manifested in the form of digital guards.

Of specific concern to us in the first design stages of this work will be the problem of security breaches by insiders. These have characteristics similar to other abnormal behaviors, but are more subtle and thus might require observing more data, and perhaps more diverse data. An additional technical issue this problem raises is the availability of data that is characteristic of abnormal behaviors. While a large set of positive examples (normal behaviors) can be obtained easily, negative examples are very rare (and hard to get even if known to some organization). Our approach will be to study the problem of exploiting the system simultaneously, and to have one of the Ph.D. students involved in the project play the role of the intruder. This will give us authentic data for the other side. The experimental evaluation will thus take the form of a competition between two programs, an attacker and a defender.
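A minimal illustration of the approach described above (a guard induced only from normal examples, judging a pattern against its context), added here as an example and not part of the project's own work; the contexts, event names and session data are constructed:

```python
from collections import Counter, defaultdict
import math

class DigitalGuard:
    """Context-sensitive guard induced from normal (positive) examples only: it learns
    bigram regularities per context and flags sequences whose per-event log-likelihood
    drops below a threshold calibrated from the normal data itself."""
    def __init__(self, alpha=0.5):
        self.alpha = alpha                    # additive smoothing for unseen transitions
        self.bigrams = defaultdict(Counter)   # ctx -> (prev, cur) -> count
        self.unigrams = defaultdict(Counter)  # ctx -> prev -> count
        self.vocab, self.threshold = set(), {}

    def fit(self, context, sequences):
        for seq in sequences:
            events = ["<s>"] + list(seq)
            self.vocab.update(events)
            for prev, cur in zip(events, events[1:]):
                self.bigrams[context][(prev, cur)] += 1
                self.unigrams[context][prev] += 1

    def score(self, context, seq):
        """Average log P(cur | prev, context) per event; +1 keeps mass for unseen events."""
        events, v, total = ["<s>"] + list(seq), len(self.vocab) + 1, 0.0
        for prev, cur in zip(events, events[1:]):
            num = self.bigrams[context][(prev, cur)] + self.alpha
            den = self.unigrams[context][prev] + self.alpha * v
            total += math.log(num / den)
        return total / max(1, len(seq))

    def calibrate(self, context, sequences, margin=0.5):
        self.threshold[context] = min(self.score(context, s) for s in sequences) - margin

    def is_irregular(self, context, seq):
        return self.score(context, seq) < self.threshold[context]

# Constructed sample sessions, not real data: the same bulk-export pattern is
# routine in a backup window but out of place during business hours.
NORMAL_SESSIONS = {
    "business_hours": [["login", "open_report", "edit", "save", "logout"],
                       ["login", "open_report", "save", "logout"],
                       ["login", "edit", "save", "logout"]],
    "backup_window": [["login", "dump_db", "archive", "transfer", "logout"],
                      ["login", "dump_db", "transfer", "logout"],
                      ["login", "archive", "transfer", "logout"]],
}
def build_demo_guard():
    guard = DigitalGuard()
    for ctx, seqs in NORMAL_SESSIONS.items():
        guard.fit(ctx, seqs)
    for ctx, seqs in NORMAL_SESSIONS.items():  # second pass: thresholds need final vocab
        guard.calibrate(ctx, seqs)
    return guard
```

The threshold is derived from the normal sessions alone, so no negative examples are needed; a real guard would learn from far more data and richer event features.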

Expected Benefits:

The main anticipated benefits of the digital guard concept are:

  1. By acquiring a high level of familiarity with all activities of its entity, a guard will be able to defend against types of attacks that cannot be foreseen in advance, rather than relying only on special-purpose defenses prepared for known attacks.
  2. An induced guard can be used to generate a level of implicit security that is essential in open systems. This notion refers to techniques that detect holes in a security envelope of an entity, e.g., pieces of information that are being compromised by making inferences from information that is freely available.
  3. A user's private digital guard will ensure support of privacy by controlling all the information relevant to a specific user that is acquired by guards of other entities.

Funding Agencies: