Multidimensional Cyber-security Analytics

Overview:

There is an increasing demand for robust capabilities of programmatically detecting intrusions and errors of computer programs in real time. This demand is growing rapidly as our society relies more on the ever-increasing number, variety, complexity, and interplay of computer programs. We experience this demand everyday – the performance of our email servers and other cloud services, recent glitches of Healthcare.gov, Internet banking services, and the variety and complexity of cyber-security concerns at personal, organizational, national, and international levels.

Anomaly-based intrusion detection techniques, such as the system-call monitoring and call-stack tracing techniques, focus around detecting runtime deviations (anomalies) from the observed normal of computer programs. This approach has been shown to be particularly useful for protecting an arbitrary computer program from unknown harms and errors without the knowledge of the program’s internal logic. This research is developing a framework for reasoning about a variable number of monitoring dimensions for applying anomaly detection in various contexts to provide mass protection of the numerous computer programs comprising our critical computing infrastructure.

Project Contact:

Mr. David Waltermire
(301) 975-3390
david.waltermire@nist.gov