Award Abstract # 1140230
CAREER: A Networking Approach to Host-based Intrusion Detection

NSF Org: CNS
Division Of Computer and Network Systems
Recipient: GEORGIA TECH RESEARCH CORP
Initial Amendment Date: July 19, 2011
Latest Amendment Date: April 14, 2014
Award Number: 1140230
Award Instrument: Continuing Grant
Program Manager: Jeremy Epstein
  CNS Division Of Computer and Network Systems
  CSE Directorate for Computer and Information Science and Engineering
Start Date: May 25, 2011
End Date: May 31, 2015 (Estimated)
Total Intended Award Amount: $310,526.00
Total Awarded Amount to Date: $322,526.00
Funds Obligated to Date:
  FY 2010 = $70,526.00
  FY 2011 = $80,000.00
  FY 2012 = $80,000.00
  FY 2013 = $86,000.00
  FY 2014 = $6,000.00
History of Investigator:
  • Raheem Beyah (Principal Investigator)
    rbeyah@ece.gatech.edu
Recipient Sponsored Research Office: Georgia Tech Research Corporation
926 DALNEY ST NW
ATLANTA
GA  US  30318-6395
(404)894-4819
Sponsor Congressional District: 05
Primary Place of Performance: Georgia Institute of Technology
Atlanta
GA  US  30332-0250
Primary Place of Performance Congressional District: 05
Unique Entity Identifier (UEI): EMW9FC8J3HN4
Parent UEI: EMW9FC8J3HN4
NSF Program(s): Special Projects - CNS, TRUSTWORTHY COMPUTING, Secure & Trustworthy Cyberspace
Primary Program Source:
  01001011DB NSF RESEARCH & RELATED ACTIVIT
  01001112DB NSF RESEARCH & RELATED ACTIVIT
  01001213DB NSF RESEARCH & RELATED ACTIVIT
  01001314DB NSF RESEARCH & RELATED ACTIVIT
  01001415DB NSF RESEARCH & RELATED ACTIVIT
Program Reference Code(s): 1045, 1187, 7434, 9102, 9178, 9218, 9251, HPCC
Program Element Code(s): 171400, 779500, 806000
Award Agency Code: 4900
Fund Agency Code: 4900
Assistance Listing Number(s): 47.070

ABSTRACT

CAREER: A Networking Approach to Host-based Intrusion Detection
Proposal# 0844144
Raheem A. Beyah
Georgia State University

Award Abstract
Day by day, threats to the cyber infrastructure are becoming more complex and, in response, so too are defense mechanisms. One approach to securing nodes is to place a defense mechanism (e.g., an intrusion detection system) on the node itself. This brings many challenges, the most significant being that potential vulnerabilities in the defense mechanism provide an additional avenue through which the host can be compromised. To address these challenges, this research investigates completely decoupling the defense mechanisms from the host while continuing to provide insight into malicious activity as if the defense mechanisms resided on the host. This requires the development of new algorithms and the application of various techniques (e.g., statistical, machine learning, signal processing) to extract from a node's network traffic characteristics that enable inference of the state of its hardware components. Over the course of this project, a combination of experimentation and simulation will lead to the development of empirical and analytic models. The models will be used to develop network-based defense systems that provide capabilities similar to those provided by mechanisms traditionally considered host-based. This work leverages the concept of information leakage to bridge the computer architecture, computer networking, and network security fields. This project also seeks to broaden participation of groups traditionally underrepresented in science, technology, engineering, and mathematics (STEM). Accordingly, through a summer academy, the PI is actively engaging underrepresented middle school students by using current technology to convey abstract computer architecture and computer networking concepts.

PUBLICATIONS PRODUCED AS A RESULT OF THIS RESEARCH

Sakthi V. Radhakrishnan, A. Selcuk Uluagac, and Raheem Beyah "GTID: A Technique for Physical Device and Device Type Fingerprinting" IEEE Transactions on Dependable and Secure Computing , 2015

PROJECT OUTCOMES REPORT

Disclaimer

This Project Outcomes Report for the General Public is displayed verbatim as submitted by the Principal Investigator (PI) for this award. Any opinions, findings, and conclusions or recommendations expressed in this Report are those of the PI and do not necessarily reflect the views of the National Science Foundation; NSF has not approved or endorsed its content.

Traditionally, the network and computing device (e.g., computer, smartphone) have been considered as two separate entities. However, it was hypothesized that if the two were treated as a unit, new techniques for network security could be developed. Thus, the goal of this research program was to establish an inherent bridge between the domains of computer architecture and computer networking. Rather than considering the traditional approach of installing software on a node to observe host characteristics, the PI explored approaches for securing and managing the host by using a remote device that observes network traffic. The long-term goal of this research program is to have general principles that allow traditional node security and manageability techniques (e.g., host-based anomaly intrusion detection, host-based signature intrusion detection, node resource management, application identification, device architecture identification) to be performed externally from the network. This work resulted in several publications that detailed the link between the components in use on a computing device and the network, and several applications of the newly discovered phenomenon. One application was to develop a device fingerprinting technique that creates fingerprints of devices communicating on the network (without the need for software installation on the node) by monitoring the traffic generated by the node. This technique could be used to help secure networks comprised of resource-constrained nodes like those that will comprise the Internet of Things. Another application is a technique to passively detect the utilization of nodes on a grid network. This technique improved the current state of the art by removing the need to query nodes to determine their workload. This reduced the traffic on the network and can lead to a more efficient cluster grid.

Last Modified: 06/22/2015
Modified by: Raheem A Beyah
