Ph.D. Research Proposal Exam: Shuangqi Luo

Monday, January 29, 2024
3:30 a.m.
AVW 2460
Maria Hoo
301 405 3681
mch@umd.edu

ANNOUNCEMENT: Ph.D. Research Proposal Exam


Name: Shuangqi Luo
 
Committee:
Professor Rajeev Barua (Chair)
Professor Yonghwi Kwon
Professor Michel Cukier


Date/time: Monday, Jan 29, 2024 at 3:30-5:30 pm
 
Location: AVW 2460
 
Title: Real-Time, Maintainable, and Robust Event-Based Intrusion Detection Systems via Supersequence Detection of Attribute Grammars
 
Abstract:

In the ever-evolving landscape of cybersecurity, the increasing sophistication of threats necessitates an Intrusion Detection System (IDS) that is capable of real-time operation to preempt damage, maintainable for agile adaptability to evolving threats, and robust against evasions. Traditional signature-based systems fall short, particularly against polymorphic and metamorphic malware, as well as fileless attacks. Machine Learning approaches, despite their potential, grapple with challenges like data poisoning, model opaqueness, and high computational demands.  
This research proposes a rule-based, event-based IDS framework employing Supersequence Detection of Attribute Grammars (SDAG) to address these challenges. SDAG stands out for its ability to integrate diverse data points into a unified context, which is crucial for accurately distinguishing between benign and malicious activities. While SDAG has been explored by previous works under different names, they either overlooked the time and space complexities of SDAG or simply pointed out that it could be exponential-time. In contrast, this study breaks new ground by developing a foundational theoretical framework to analyze the real-time operational feasibility of SDAG. Key contributions include the development of theorems defining conditions under which SDAG operates in real time, the creation of an offline symbolic rule analyzer for early assessment of a rule's viability for real-time SDAG, and the establishment of guidelines for formulating effective real-time rules.

This research will unfold in two phases. The initial phase focuses on the development of a theoretical framework and a symbolic analyzer for SDAG, laying the groundwork for rule formulation in the next phase. The second phase involves writing SDAG rules and implementing a prototype SDAG-based IDS for the DARPA OpTC dataset, to demonstrate SDAG's real-world applicability and effectiveness. This phased approach aims not only to enhance theoretical understanding but also to emphasize the practical utility of the proposed approach.



Audience: Faculty 
