Drs. Xiao and Wu receive NSF SaTC award
Assistant Professor Xusheng Xiao and Assistant Professor Yinghui Wu from the Department of Computer and Data Sciences were awarded a three-year grant in the amount of $499,979 from the National Science Foundation, for a project entitled “SaTC: CORE: Small: Scalable Cyber Attack Investigation using Declarative Queries and Interrogative Analysis.”
Recent cyber attacks that exploit multiple vulnerabilities plague even the most protected companies. This has led to solutions that ubiquitously monitor system activities as a series of system events and apply causality analysis to reveal the attack steps, reconstructing the attack's events and their dependencies as dependency graphs. Nevertheless, existing techniques mainly rely on event time to identify dependencies, which pulls in many less-important dependencies introduced by irrelevant system activities. Moreover, these techniques cannot easily incorporate expert knowledge from security analysts due to limited extensibility, and provide little support for engaging security analysts in actively exploring the dependencies.
Prof. Xiao and Prof. Wu's group will develop a general query framework to express and extract contextual attack information by constructing small graphs of attack-relevant events from system audit logs. The project's research is expected to make a major positive impact on system security by enhancing attack investigation using system audit logs, and to provide contextual information that helps intrusion detection systems better prioritize alerts.
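To illustrate the time-based causality analysis the announcement describes (added example written for this page, not code from the funded project): a BackTracker-style backward search over a small constructed audit log, where happens-before is the only dependency criterion. The event names, paths and timestamps are constructed; note how the routine `/etc/profile` read is pulled into the graph purely because it precedes the tracked process, which is the over-approximation the project aims to reduce.

```python
from collections import namedtuple
from typing import Dict, List, Set, Tuple

# One audit record: a subject (process) acts on an object at time ts.
Event = namedtuple("Event", "ts subject op obj")

# Operations where information flows subject -> object; all others flow object -> subject.
FLOW_INTO_OBJ = {"write", "spawn"}

def flow(e: Event) -> Tuple[str, str]:
    """Return the (source, sink) of the information flow recorded by one event."""
    return (e.subject, e.obj) if e.op in FLOW_INTO_OBJ else (e.obj, e.subject)

def backward_track(events: List[Event], poi: str, poi_ts: int) -> Set[Tuple[str, str, str, int]]:
    """Time-based backward causality: starting from a point-of-interest entity
    observed at poi_ts, add every event whose sink is a tracked entity and whose
    timestamp precedes the time that entity was tracked at, then track the event's
    source from that timestamp. Happens-before is the only criterion, so every
    earlier flow into a tracked entity is pulled in, relevant or not."""
    tracked: Dict[str, int] = {poi: poi_ts}
    graph: Set[Tuple[str, str, str, int]] = set()
    changed = True
    while changed:  # iterate to a fixpoint; tracked times only ever grow
        changed = False
        for e in events:
            src, sink = flow(e)
            if sink not in tracked or e.ts >= tracked[sink]:
                continue
            edge = (src, sink, e.op, e.ts)
            if edge not in graph:
                graph.add(edge)
                changed = True
            if tracked.get(src, -1) < e.ts:  # latest time src could have mattered
                tracked[src] = e.ts
                changed = True
    return graph

# Constructed audit log: an SSH session downloads a file and installs a cron job.
EVENTS = [
    Event(1, "sshd", "spawn", "bash"),
    Event(2, "bash", "read", "/etc/profile"),           # routine, attack-irrelevant
    Event(3, "bash", "spawn", "curl"),
    Event(4, "curl", "write", "/tmp/dropper"),
    Event(5, "bash", "spawn", "sh"),
    Event(6, "sh", "read", "/tmp/dropper"),
    Event(7, "sh", "write", "/etc/cron.d/job"),         # point of interest
    Event(8, "bash", "read", "/home/u/.bash_history"),  # after the POI, must be excluded
]

if __name__ == "__main__":
    for edge in sorted(backward_track(EVENTS, "/etc/cron.d/job", 8), key=lambda x: x[3]):
        print(edge)
```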