Digital Guards for Open System Security

Overview:

Intruder detection systems are an important component of many IT systems. They monitor activity on a system, such as a computer or a network, for patterns of malicious activity. Most current intruder detection systems do not successfully detect mimicry attacks. In the current phase, this project investigates machine learning schemes to implement intruder detection systems that can recognize these kinds of attacks on the system.

At a broader level, the goal of the project is to formalize systems that are capable of reasoning about their level of security and of identifying and adapting to changes in their environment.

Details:

Intruder detection systems (IDS) monitor the activity of a computer system to identify patterns of malicious activity. While most IDSs identify many attacks with high accuracy, many are susceptible to mimicry attacks, where an attacker masquerades as a legitimate user. The goal of this project is to develop machine learning schemes that identify such attacks. We also study formal models of an IDS to provide theoretical guarantees for these systems.

It is reasonable to believe that an insider who is trying to masquerade as another user will not be able to impersonate this user under all possible circumstances and will reveal her true identity when faced with an unexpected situation. This means that if the IDS assumes an active role in the system, it can force the user into an unexpected situation.

The longer-term goal of this project is to develop foundations of statistical learning methods for reliable and secure computation and communication, as well as to apply these methods to a broad range of problems.