Title: Artifacts and Indicators Analysis in Cyber Security
Speaker: Prof. Ratan K. Guha
Chair: Dipankar Dasgupta
Abstract
In cyberspace, computing devices today are under constant attack by adversaries who are looking for opportunistic ways to gain unauthorized access, steal sensitive data and damage critical systems, causing disruption or chaos, or exploit those systems for their own use (command and control [C2]). Regardless of the motives, these attacks typically occur against a series of computer systems that relate in some manner (i.e., banking systems). Being able to understand the attackers’ tactics, techniques, and procedures (TTP) and to reuse that knowledge against other systems becomes critical to help detect the attackers’ movement, where they may have conducted other security breaches, and to help play catch-up and remove the persistent threat of the attacker. Using artifacts and indicators as a way to define the various TTPs can act as a tool to help share intelligence. In order to identify behavior patterns within artifacts, indicators can help identify potential concerns or cause an action to take place. In this talk, I will present a simulation to demonstrate the indicator lifecycle in which a malware binary was created to perform HTTPS C2. I will also present a computational intelligence approach to develop a system which uses artifacts and indicators to identify an attack in cyberspace. As a specific example we present a system that is capable of: 1) locally classifying actions as intruder or non-intruder type, and 2) consulting neighbors in cyberspace for casting a majority vote, upon finding high ambiguity on a decision.
Biography
Ratan K. Guha is a professor in the Department of Electrical Engineering and Computer Science at the University of Central Florida. He received his B.Sc. degree with honors in Mathematics and M.Sc. degree in Applied Mathematics from the University of Calcutta and received his Ph.D. degree in Computer Science from the University of Texas at Austin. He has authored over 150 papers published in various computer journals, book chapters and conference proceedings. His work has been supported by grants from ARO, NSF, STRICOM, PM-TRADE, NASA, and the State of Florida. He has served as a member of the program committee of several conferences, as the general chair of CSMA’98 and CSMA’2000 and as the guest co-editor of a special issue of the “Journal of Simulation Practice and Theory” and “Journal of Computers”. He is currently serving on the editorial board of Modelling and Simulation in Engineering, published by Hindawi Publishing Corporation. He actively conducts research in computer networks and security and introduced a required computer security course for all undergraduate CS and IT students at the University of Central Florida. He is a member of ACM and ASEE and a Life Member of IEEE, and he served as a member of the Board of Directors of SCS from 2004 to 2006.