Protecting Today's Enterprise Systems against Zero-day Attacks


Saurabh Bagchi - Purdue University

Feb 27, 2013

Abstract

To secure today's enterprise computer systems, it is critical to have different intrusion detection sensors (IDS) embedded in them. In spite of that, the complexity of such distributed computer systems makes it difficult to determine the appropriate choice and placement of these detectors. In this talk, we will first describe a method to evaluate the effect a detector configuration has on the accuracy and precision of determining the system's security goals. The method is based on a Bayesian network model, obtained from an attack graph representation of the target system. Using Bayesian inference, we implement a dynamic programming algorithm for determining the optimal detector settings in a large-scale distributed system. We extend this algorithm to work for the common case scenario that the distributed system changes over time (say with the addition of new machines or new users) and the target attacks also change over time. In the final piece of the talk, we describe how to protect the systems when one or more attack steps have not been seen before, i.e., zero-day attacks. In our evaluation, we show the result of applying our technique to real attacks against a production enterprise network.
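The abstract describes building a Bayesian network from an attack graph and then scoring a detector configuration by how accurately and precisely it lets you decide whether the system's security goal has been compromised. The following is an added illustration of that pipeline, not code from the speaker or from the CERIAS seminar: the attack graph (nodes, edge success probabilities, root priors), the goal node, and the four candidate detectors with their true- and false-positive rates are all constructed for the example, and the noisy-OR conditional probabilities are one common way to turn an attack graph into a Bayesian network, not necessarily the one used in the talk. The search over detector subsets is exhaustive here because the example is tiny; the talk uses a dynamic programming algorithm for large systems.

```python
import itertools

# Constructed attack graph (assumption). Roots carry a prior probability of
# compromise; every other node lists its parents with per-edge success probability.
PRIORS = {"foothold": 0.3, "vpn": 0.1}
EDGES = {
    "webapp": {"foothold": 0.6},
    "db": {"webapp": 0.5, "vpn": 0.8},
    "exfil": {"db": 0.7},
}
NODES = ["foothold", "vpn", "webapp", "db", "exfil"]  # topological order
GOAL = "exfil"  # the security goal we want to decide on

# Constructed candidate detectors (assumption):
# name -> (monitored node, true-positive rate, false-positive rate)
DETECTORS = {
    "waf": ("webapp", 0.7, 0.10),
    "vpn_anomaly": ("vpn", 0.6, 0.20),
    "db_audit": ("db", 0.8, 0.05),
    "dlp": ("exfil", 0.9, 0.02),
}


def node_prob(node, state):
    """P(node compromised | parents) under noisy-OR: each compromised parent
    independently succeeds with its edge probability."""
    if node in PRIORS:
        return PRIORS[node]
    fail = 1.0
    for parent, p in EDGES[node].items():
        if state[parent]:
            fail *= 1.0 - p
    return 1.0 - fail


def joint_prob(state):
    """Prior probability of one full compromise vector (the BN joint)."""
    prob = 1.0
    for node in NODES:
        p = node_prob(node, state)
        prob *= p if state[node] else 1.0 - p
    return prob


def all_states():
    for bits in itertools.product((0, 1), repeat=len(NODES)):
        yield dict(zip(NODES, bits))


def alert_likelihood(alerts, state):
    """P(observed alert vector | true state) for the detectors present in `alerts`."""
    lik = 1.0
    for det, fired in alerts.items():
        node, tpr, fpr = DETECTORS[det]
        p_fire = tpr if state[node] else fpr
        lik *= p_fire if fired else 1.0 - p_fire
    return lik


def posterior_goal(alerts):
    """P(goal compromised | alerts) by exact enumeration of the 2^n joint states."""
    num = den = 0.0
    for s in all_states():
        w = joint_prob(s) * alert_likelihood(alerts, s)
        den += w
        if s[GOAL]:
            num += w
    return num / den


def evaluate(config):
    """Expected accuracy, precision and recall of the Bayes decision
    'goal compromised iff posterior >= 0.5', averaged over every alert vector
    the configuration can emit."""
    tp = fp = fn = tn = 0.0
    for bits in itertools.product((0, 1), repeat=len(config)):
        alerts = dict(zip(config, bits))
        p_g1 = p_g0 = 0.0  # P(alerts, goal=1) and P(alerts, goal=0)
        for s in all_states():
            w = joint_prob(s) * alert_likelihood(alerts, s)
            if s[GOAL]:
                p_g1 += w
            else:
                p_g0 += w
        if p_g1 >= p_g0:  # posterior >= 0.5: declare compromise
            tp, fp = tp + p_g1, fp + p_g0
        else:
            fn, tn = fn + p_g1, tn + p_g0
    declared = tp + fp
    return {"accuracy": tp + tn,
            "precision": tp / declared if declared > 0 else 0.0,  # nothing declared -> 0
            "recall": tp / (tp + fn)}


def best_config(budget):
    """Exhaustive search over detector subsets of size <= budget, maximising accuracy."""
    best = ((), evaluate(()))
    for k in range(1, budget + 1):
        for combo in itertools.combinations(sorted(DETECTORS), k):
            m = evaluate(combo)
            if m["accuracy"] > best[1]["accuracy"]:
                best = (combo, m)
    return best
```

With these constructed numbers the prior on `exfil` is about 0.114, a single `dlp` alert lifts the posterior to about 0.85, and `best_config(1)` picks `dlp` because a detector sitting on the goal node itself buys the most accuracy; `best_config(2)` then adds the detector whose alerts most sharpen the decision on the remaining ambiguous states. Replacing `all_states()` with proper BN inference is what makes the same idea scale to the large-scale systems the abstract describes.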

About the Speaker

Saurabh Bagchi is an Associate Professor in the School of Electrical and Computer Engineering and the Department of Computer Science at Purdue University in West Lafayette, Indiana. He is a senior member of IEEE and ACM, an IMPACT faculty fellow at Purdue University and the Assistant Director of the CERIAS security center at Purdue. He received the MS and PhD degrees from the University of Illinois, Urbana-Champaign, in 1998 and 2001, respectively. At Purdue, he leads the Dependable Computing Systems Laboratory (DCSL), where he and a set of wildly enthusiastic students try to make and break distributed systems for the good of the world.

Unless otherwise noted, the security seminar is held on Wednesdays at 4:30 P.M. in STEW G52, West Lafayette Campus.

© 1999-2014 Purdue University. All rights reserved.

Use/Reuse Guidelines

CERIAS Seminar materials are intended for educational, non-commercial use only and any or all commercial use is prohibited. Any use must attribute "The CERIAS Seminar at Purdue University." Opinions expressed in the recordings are not necessarily representative of the views of CERIAS or of Purdue University.