Storytelling Security: Semantic and Structural Causal Analysis
ABSTRACT
Our project investigates the theory and practice of a novel user-‐centric anomaly detection methodology for securing hosts and networks. We point out the advantages (more permanent than intrusion detection) as well as technical challenges (namely diversity and scalability) associated with designing and realizing effective anomaly detection tools for monitoring systems. Our unique approach is through the semantic and structural causal analysis of system events. We aim at analyzing how systems respond to user requests by identifying the dependency relations of events and their triggers. We describe our storytelling security vision and report our results obtained so far. We are able to make substantial contributions in several computer science frontiers including security, operating system, and data mining. Our ongoing research efforts are focused on laying the theoretical foundations for semantic and structural anomaly detection, as well as developing both practical tools demonstrating the feasibility of our approach.
Award ID: 0953638