Automated Early Warning System for Cyber-Intrusion Detection
Abstract
Problem: End-user computing devices are under increasingly sophisticated attacks from state and non-state adversaries. These attacks commonly masquerade as familiar links or message elements that compromise an end-user computing device when unintentionallyous software exploits and virus signatures that can be used by anti-virus detectors to search through files stored on the computer, and through newly downloaded data files, looking for matches to malicious code or virus signatures. This existing methodologed other computers, been detected and analyzed, been added to an anti-virus definitions file, and been distributed to the computer to be protected. In this proposal, a novel approach is offered that provides some level of proactive defense for a computer system, even against zero-day exploits that have never been seen before. We propose to add a cyber-security monitor function to end-user computing devices that identifies operational behavior that is Abnormal and brings it to the human user's attention. Key challengy groups of users can share information about features to reduce requirements for human intervention without increasing the error rate.

Method: We propose a basic program of research to explore the best strategy for developing a cyber-security monitor for end-user computing devices. We envision that the cyber-security monitor would periodically extract various features of the ongoing operations at the hardware level and across the software stack (collectively the feature vectors), would classify the sequence of feature vectors into Normal and Abnormal using Machine Learning techniques, and would include an interface that allows the human user to evaluate whether an Abnormal feature should be added to the Normal feature space or should be identified as an attack and quarantined, helping the cyber-security monitor learn what is Normal for this human user and this particular end-user computing device.

This research will explore various sets of feature vectors across the hardware and software stack in order to identify the ones that best enable Machine Learning algorithms to correctly separate Normal from Abnormal operations. We further propose to carry out network research to optimize the way in which a community of human users, each with their own end-user computing devices, can collaborate in the detection of attacks and share information about feature vectors at a level that is universal among users and their devices. In order to assess the best approaches, we propose to develop a hierarchical simulation strategy that will model the extraction of feature vectors from various computing devices in response to particular instruction streams and that will model the human user security monitor. Finally, we propose to extend the simulation framework to allow research on how to best share information betweennd-user computing devices that proactively detects and warns human users about unusual behaviors detected in their computing device. An additional outcome of the proposed research is a simulation framework that models an ecosystem of computers and their human users in order to determine their resilience in the face of a variety of software exploit and virus insertion attempts.

National Defense Impact: A reliable and trustworthy computing infrastructure is a key component of a strong national defense. The proposed research lays the foundation for strengthening national defense by providing the DoD with new tools that can proac even zero-day assaults on the DoD computing infrastructure. In addition, the proposed research will aid in testing and developing t
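As an added illustration (not part of the award or of the project's own code) of the loop the Method paragraph describes: feature vectors sampled once per period, a per-feature model of Normal, and a human feedback step that either extends the Normal feature space or quarantines the observation. The feature names, the baseline and the sampled stream are constructed, and a z-score rule stands in for the Machine Learning classifier the proposal leaves open.

```python
from statistics import mean, pstdev
from typing import Callable, List, Sequence, Tuple

Vec = Tuple[float, ...]
# Hypothetical feature names; the proposal leaves the concrete counters open.
FEATURES = ("cpu_user_pct", "new_processes", "dns_queries", "outbound_conns")
# Constructed baseline: eight sampling periods of ordinary use on one device.
BASELINE: List[Vec] = [
    (12.0, 2, 15, 3), (15.0, 3, 18, 4), (11.0, 2, 12, 3), (14.0, 2, 20, 5),
    (13.0, 3, 16, 4), (16.0, 2, 14, 3), (12.5, 3, 17, 4), (14.5, 2, 19, 5),
]

class CyberSecurityMonitor:
    """Per-feature mean/std learned from vectors accepted as Normal; a vector
    is Abnormal when any feature lies more than z_max standard deviations out."""

    def __init__(self, baseline: Sequence[Vec], z_max: float = 3.0) -> None:
        self.normal: List[Vec] = list(baseline)  # the Normal feature space
        self.quarantine: List[Vec] = []          # observations judged attacks
        self.z_max = z_max

    def classify(self, vec: Vec) -> Tuple[str, List[str]]:
        flagged = []
        for name, col, x in zip(FEATURES, zip(*self.normal), vec):
            mu, sd = mean(col), pstdev(col) or 1e-9  # sd 0: any change flags
            if abs(x - mu) / sd > self.z_max:
                flagged.append(name)
        return ("Abnormal", flagged) if flagged else ("Normal", [])

    def feedback(self, vec: Vec, user_says_normal: bool) -> None:
        """Human verdict on an Abnormal vector: grow the Normal space or quarantine.
        Accepting a vector shifts the statistics, so a wrong verdict widens tolerance."""
        (self.normal if user_says_normal else self.quarantine).append(vec)

    def run(self, stream: Sequence[Vec],
            ask_user: Callable[[Vec, List[str]], bool]) -> List[str]:
        """Classify a sequence, consulting ask_user on each Abnormal vector."""
        verdicts = []
        for vec in stream:
            label, flagged = self.classify(vec)
            if label == "Abnormal":
                self.feedback(vec, ask_user(vec, flagged))
            verdicts.append(label)
        return verdicts

if __name__ == "__main__":
    mon = CyberSecurityMonitor(BASELINE)
    # Constructed stream: ordinary use, a heavy job the user recognises, a repeat
    # of it, then a process and connection burst the user does not recognise.
    stream = [(13.0, 2, 16, 4), (40.0, 3, 18, 4), (38.0, 3, 17, 4), (14.0, 9, 17, 40)]
    print(mon.run(stream, lambda vec, flagged: vec[0] >= 30), mon.quarantine)
```

The lambda stands in for the human dialog; after the user accepts the first heavy job, the repeat of it is classified Normal without further intervention, while the burst is quarantined.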
Document Details
- Document Type: DoD Grant Award
- Publication Date: Dec 04, 2020
- Source ID: N000142114012
Entities
People
- L. Richard Carley
Organizations
- Carnegie Mellon University
- Office of Naval Research
- United States Navy