Network Security & Intrusion Detection
DNAD: Distributed Network Anomaly Detection
The Distributed Network Anomaly Detection
project is a feasibility study to determine how best to
implement widespread sharing of intrusion detection data to identify
both global threats and "low-and-slow" scans.
Furthermore, we're looking at building a suite of tools to aid in
forensic analysis and information sharing, as well as profiling
current production intrusion correlation systems. In addition, we
are exploring Bloom filters as a method of protecting confidential
data that is potentially exchanged during the sharing of intrusion
data between peers. The problem is essentially an SMP (Secure Multi-party
Computation) problem, and the general form of the data trading is
infeasible under current hardware constraints. We are looking at
reduction and correlation algorithms to address the sheer complexity
of distributed intrusion information exchange to arrive at a low-cost
consensus of peers.
Additional work was previously done by Janek J. Parekh on the
Worminator utility.
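
As an illustration of the Bloom filter idea described above (an added example, not code from the DNAD project or Worminator): one site encodes the source addresses from its alerts into a keyed Bloom filter and ships only the bit array, and a peer tests its own alert sources against it to find sources seen at both sites. The key shared among peers, the filter parameters and the sample addresses are assumptions made for the example; membership tests can return false positives, and any peer holding the key can test guessed addresses against the filter.

```python
import hashlib
import hmac


class BloomFilter:
    """Fixed-size Bloom filter whose bit positions come from a keyed hash."""

    def __init__(self, key: bytes, m_bits: int = 4096, k: int = 5):
        self.key, self.m, self.k = key, m_bits, k
        self.bits = bytearray(m_bits // 8)

    def _positions(self, item: str):
        # k positions per item: HMAC-SHA256 over (index byte || item).
        for i in range(self.k):
            d = hmac.new(self.key, bytes([i]) + item.encode(), hashlib.sha256).digest()
            yield int.from_bytes(d[:8], "big") % self.m

    def add(self, item: str) -> None:
        for p in self._positions(item):
            self.bits[p // 8] |= 1 << (p % 8)

    def __contains__(self, item: str) -> bool:
        return all(self.bits[p // 8] & (1 << (p % 8)) for p in self._positions(item))


def export_filter(alert_sources, key):
    """Sender side: encode alert source IPs; only the bit array leaves the site."""
    bf = BloomFilter(key)
    for ip in alert_sources:
        bf.add(ip)
    return bytes(bf.bits)


def correlate(received_bits, local_sources, key):
    """Receiver side: local alert sources that the peer's filter also contains."""
    bf = BloomFilter(key)
    bf.bits = bytearray(received_bits)
    return sorted(ip for ip in set(local_sources) if ip in bf)


# Constructed sample data (documentation address ranges, not real alerts).
PEER_KEY = b"constructed-demo-key"  # assumed key shared among peers
SITE_A = ["192.0.2.10", "192.0.2.77", "198.51.100.4", "203.0.113.9"]
SITE_B = ["198.51.100.4", "203.0.113.200", "192.0.2.77", "198.51.100.99"]

if __name__ == "__main__":
    wire = export_filter(SITE_A, PEER_KEY)
    print("common sources:", correlate(wire, SITE_B, PEER_KEY))
```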
People
Sal Stolfo,
Professor, Computer Science Department, Columbia University
Vishal Misra,
Professor, Computer Science Department, Columbia University
Angelos D. Keromytis,
Professor, Computer Science Department, Columbia University
Tal Malkin,
Professor, Computer Science Department, Columbia University
Garry Channing,
PhD student, Computer Science Department, Columbia University
Michael E. Locasto,
PhD student, Computer Science Department, Columbia University
Along with Wenke Lee and Oleg Kolesnikov at GaTech.