Publications

9 Results

Detailed Statistical Models of Host-Based Data for Detection of Malicious Activity

Acquesta, Erin A.; Chen, Guenevere C.; Adams, Susan S.; Bryant, Ross D.; Haas, Jason J.; Johnson, Nicholas T.; Romanowich, Paul R.; Roy, Krishna C.; Shakamuri, Mayuri S.; Ting, Christina T.

The cybersecurity research community has focused primarily on the analysis and automation of intrusion detection systems by examining network traffic behaviors. Expanding on this expertise, advanced cyber defense analysis is turning to host-based data to use in research and development to produce the next-generation network defense tools. Performing deep packet inspection of network traffic is increasingly hard with most boundary network traffic moving to HTTPS. Additionally, network data alone does not provide a full picture of end-to-end activity. These are some of the reasons that necessitate looking at other data sources such as host data. We outline our investigation into the processing, formatting, and storing of the data along with the preliminary results from our exploratory data analysis. In writing this report, it is our goal to aid in guiding future research by providing foundational understanding for an area of cybersecurity that is rich with a variety of complex, categorical, and sparse data, with a strong human influence component. We also include suggestions for guiding potential directions for future research.


Dynamic defense workshop :

Haas, Jason J.; Doak, Justin E.; Crosby, Sean M.; Helinski, Ryan H.; Lamb, Christopher L.

On September 5th and 6th, 2012, the Dynamic Defense Workshop: From Research to Practice brought together researchers from academia, industry, and Sandia with the goals of increasing collaboration between Sandia National Laboratories and external organizations, defining and understanding dynamic, or moving target, defense concepts and directions, and gaining a greater understanding of the state of the art for dynamic defense. Through the workshop, we broadened and refined our definition and understanding, identified new approaches to inherent challenges, and defined principles of dynamic defense. Half of the workshop was devoted to presentations of current state-of-the-art work. Presentation topics included areas such as the failure of current defenses, threats, techniques, goals of dynamic defense, theory, foundations of dynamic defense, future directions and open research questions related to dynamic defense. The remainder of the workshop was discussion, which was broken down into sessions on defining challenges, applications to host or mobile environments, applications to enterprise network environments, exploring research and operational taxonomies, and determining how to apply scientific rigor to and investigating the field of dynamic defense.


Global revocation for the intersection collision warning safety application

VANET'12 - Proceedings of the 9th ACM International Workshop on VehiculAr Inter-NETworking, Systems, and Applications

Haas, Jason J.

Identifying and removing malicious insiders from a network is a topic of active research. Vehicular ad hoc networks (VANETs) may suffer from insider attacks; that is, an attacker may use authorized vehicles to attack other vehicles. Specifically, attackers may use their vehicles to broadcast specially formed packets that will trigger warnings in target vehicles. This malicious behavior could have a significant detrimental effect on cooperative safety applications (SAs), one of the driving forces behind VANET deployment. We propose modifications to the intersection collision warning (ICW) SA that enable a certificate authority (CA) to be offline and yet to decide to revoke a vehicle's certificates using retransmitted information that cannot be repudiated. Our approach differs from previous proposals in that it is SA specific, and it is immune to Sybil attacks. We simulate and measure the resources an attacker requires to attack a vehicle using the ICW SA without our modifications and demonstrate that our additions reduce the false positive rate arising from errors in estimated vehicle dynamics. © 2012 Author.


Low-cost mitigation of privacy loss due to radiometric identification

Proceedings of the Annual International Conference on Mobile Computing and Networking, MOBICOM

Haas, Jason J.; Hu, Yih C.; Laurenti, Nicola

Recently, there has been much interest in using radiometric identification (also known as wireless fingerprinting) for the purposes of authentication. Previous work has shown that using radiometric identification can discriminate among devices with a high degree of accuracy when simultaneously using multiple radiometric characteristics. Additionally, researchers have noted the potential for wireless fingerprinting to be used for more devious purposes, specifically that of privacy invasion or compromise. In fact, any such radiometric characteristic that is useful for authentication is useful for privacy compromise. To date, there has not been any proposal of how to mitigate such privacy loss for many of these radiometric characteristics, and specifically no such proposal for how to mitigate such privacy loss in a low-cost manner. In this paper, we investigate some limits of an attacker's ability to compromise privacy, specifically an attacker that uses a transmitter's carrier frequency. We propose low-cost mechanisms for mitigating privacy loss for various radiometric characteristics. In our development and evaluation, we specifically consider a vehicular network (VANET) environment. We consider this environment in particular because VANETs will have the potential to leak significant, long-term information that could be used to compromise drivers' personal information such as home address, work address, and the locations of any businesses the driver frequents. While tracking a vehicle using visually observable information (e.g., license plates) to obtain personal information is possible, such means require line-of-sight, whereas radiometric identification would not. Finally, we evaluate one of our proposed mechanisms via simulation. Specifically, we evaluate our carrier frequency switching mechanism, comparing it to the theory we develop, and we show the precision with which vehicles will need to switch their physical layer identities given our parameterization for VANETs. © 2011 ACM.
