Protecting Today's Enterprise Systems against Zero-day Attacks
Saurabh Bagchi - Purdue University
Feb 27, 2013
Abstract

To secure today's enterprise computer systems, it is critical to have different intrusion detection sensors (IDS) embedded in them. In spite of that, the complexity of such distributed computer systems makes it difficult to determine the appropriate choice and placement of these detectors. In this talk, we will first describe a method to evaluate the effect a detector configuration has on the accuracy and precision of determining whether the system's security goals have been violated. The method is based on a Bayesian network model, obtained from an attack graph representation of the target system. Using Bayesian inference, we implement a dynamic programming algorithm for determining the optimal detector settings in a large-scale distributed system. We extend this algorithm to work for the common case in which the distributed system changes over time (say with the addition of new machines or new users) and the target attacks also change over time. In the final piece of the talk, we describe how to protect the systems when one or more attack steps have not been seen before, i.e., zero-day attacks. In our evaluation, we show the result of applying our technique to real attacks against a production enterprise network.
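The following is an added illustration, not the speaker's code or the method presented in the talk. It shows the shape of the problem the abstract describes: a small, constructed attack graph (a three-step chain ending at the attacker's goal) is turned into a Bayesian network, each candidate detector configuration is scored by exact inference on the expected accuracy and precision of deciding that the goal step was reached, and the best configuration within a cost budget is chosen. The attack steps, detector true/false positive rates, costs and priors are all assumptions made up for the example, and the search over configurations is a brute-force enumeration of detector subsets rather than the dynamic programming algorithm the abstract mentions.

```python
"""Added example: scoring detector configurations over a Bayesian-network
attack graph.  All step names, rates, costs and priors are constructed."""
from itertools import product, combinations

# Constructed attack graph: a linear chain, each step enabling the next.
STEPS = ["web_exploit", "priv_esc", "db_access"]   # last step is the goal
P_FIRST = 0.05            # prior that the attacker attempts the first step
P_NEXT_GIVEN_PREV = 0.8   # P(step i succeeds | step i-1 succeeded)

# One candidate detector per step: (true-positive rate, false-positive rate, cost).
DETECTORS = {
    "web_exploit": (0.90, 0.05, 2),
    "priv_esc":    (0.70, 0.10, 1),
    "db_access":   (0.95, 0.02, 3),
}


def p_steps(steps):
    """Joint probability of an assignment of attack steps (tuple of 0/1)."""
    p = P_FIRST if steps[0] else 1 - P_FIRST
    for i in range(1, len(steps)):
        if steps[i - 1]:
            p *= P_NEXT_GIVEN_PREV if steps[i] else 1 - P_NEXT_GIVEN_PREV
        elif steps[i]:
            return 0.0       # a step cannot occur without its predecessor
    return p


def p_alerts_given_steps(alerts, steps, config):
    """P(alerts | steps) for the detectors enabled in config.

    Alerts are conditionally independent given the steps, so the likelihood
    is a product of per-detector terms; disabled detectors contribute nothing.
    """
    p = 1.0
    for i, name in enumerate(STEPS):
        if name not in config:
            continue
        tpr, fpr, _ = DETECTORS[name]
        p_alert = tpr if steps[i] else fpr
        p *= p_alert if alerts[name] else 1 - p_alert
    return p


def posterior_goal(alerts, config):
    """P(goal step reached | observed alerts), by exact enumeration."""
    num = den = 0.0
    for steps in product((0, 1), repeat=len(STEPS)):
        w = p_steps(steps) * p_alerts_given_steps(alerts, steps, config)
        den += w
        if steps[-1]:
            num += w
    return num / den if den else 0.0


def evaluate(config, threshold=0.5):
    """Expected (accuracy, precision) of flagging the goal when posterior > threshold.

    Every alert pattern of the enabled detectors is enumerated, so the result
    is exact rather than sampled.
    """
    enabled = [n for n in STEPS if n in config]
    correct = true_pos = flagged = 0.0
    for bits in product((0, 1), repeat=len(enabled)):
        alerts = dict(zip(enabled, bits))
        decide = posterior_goal(alerts, config) > threshold
        for steps in product((0, 1), repeat=len(STEPS)):
            w = p_steps(steps) * p_alerts_given_steps(alerts, steps, config)
            if decide == bool(steps[-1]):
                correct += w
            if decide:
                flagged += w
                if steps[-1]:
                    true_pos += w
    precision = true_pos / flagged if flagged else 0.0
    return correct, precision


def best_config(budget):
    """Brute-force search over detector subsets within budget, by accuracy.

    Returns (config, accuracy, precision).  The talk's dynamic programming
    algorithm is not reproduced here; this is plain enumeration.
    """
    best = None
    for r in range(len(STEPS) + 1):
        for combo in combinations(STEPS, r):
            cost = sum(DETECTORS[n][2] for n in combo)
            if cost > budget:
                continue
            acc, prec = evaluate(frozenset(combo))
            if best is None or acc > best[1]:
                best = (frozenset(combo), acc, prec)
    return best


if __name__ == "__main__":
    for budget in (0, 3, 6):
        cfg, acc, prec = best_config(budget)
        print(f"budget={budget}: {sorted(cfg)} accuracy={acc:.4f} precision={prec:.4f}")
```

With no detectors enabled the posterior on the goal step is just its prior (0.05 × 0.8 × 0.8 = 0.032), so the decision rule never flags an attack and accuracy equals the base rate of "no attack". Enabling only the `db_access` detector raises the posterior to about 0.61 when it fires, so the goal is flagged on that alert and expected accuracy rises to roughly 0.979. Swapping in a real attack graph means replacing the linear chain in `p_steps` with the graph's conditional probability tables; the enumeration in `posterior_goal` then needs a proper inference engine once the graph has more than a few dozen nodes.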
About the Speaker

Saurabh Bagchi is an Associate Professor in the School of Electrical and Computer Engineering and the Department of Computer Science at Purdue University in West Lafayette, Indiana. He is a senior member of IEEE and ACM, an IMPACT faculty fellow at Purdue University and the Assistant Director of the CERIAS security center at Purdue. He received the MS and PhD degrees from the University of Illinois, Urbana-Champaign, in 1998 and 2001, respectively. At Purdue, he leads the Dependable Computing Systems Laboratory (DCSL), where he and a set of wildly enthusiastic students try to make and break distributed systems for the good of the world.
The views, opinions and assumptions expressed in these videos are those of the presenter and do not necessarily reflect the official policy or position of CERIAS or Purdue University. All content included in these videos is the property of Purdue University, the presenter and/or the presenter’s organization, and is protected by U.S. and international copyright laws. The collection, arrangement and assembly of all content in these videos and on the hosting website are the exclusive property of Purdue University. You may not copy, reproduce, distribute, publish, display, perform, modify, create derivative works, transmit, or in any other way exploit any part of the copyrighted material without permission from CERIAS, Purdue University.