Visible to the public Towards an Unified Security Testbed and Security Analytics FrameworkConflict Detection Enabled

TitleTowards an Unified Security Testbed and Security Analytics Framework
Publication TypeConference Paper
Year of Publication2015
AuthorsPhuong Cao, University of Illinois at Urbana-Champaign, Eric C. Badger, University of Illinois at Urbana-Champaign, Zbigniew Kalbarczyk, University of Illinois at Urbana-Champaign, Ravishankar K. Iyer, University of Illinois at Urbana-Champaign, Alexander Withers, University of Illinois at Urbana-Champaign, Adam J. Slagell, University of Illinois at Urbana-Champaign
Conference NameSymposium and Bootcamp for the Science of Security (HotSoS 2015)
PublisherACM
Conference LocationUrbana, IL
KeywordsData Driven Security Models and Analysis, log processing, monitoring architecture, NSA SoS Lablets Materials, science of security, system architecture, UIUC
Abstract

This paper presents the architecture of an end-to-end secu- rity testbed and security analytics framework, which aims to: i) understand real-world exploitation of known security vulnerabilities and ii) preemptively detect multi-stage at- tacks, i.e., before the system misuse. With the increasing number of security vulnerabilities, it is necessary for secu- rity researchers and practitioners to understand: i) system and network behaviors under attacks and ii) potential ef- fects of attacks to the target infrastructure. To safely em- ulate and instrument exploits of known vulnerabilities, we use virtualization techniques to isolate attacks in contain- ers, e.g., Linux-based containers or Virtual Machines, and to deploy monitors, e.g., kernel probes or network packet captures, across a system and network stack. To infer the evolution of attack stages from monitoring data, we use a probabilistic graphical model, namely AttackTagger, that represents learned knowledge of simulated attacks in our se- curity testbed and real-world attacks. Experiments are be- ing run on a real-world deployment of the framework at the National Center for Supercomputing Applications (NCSA) at the University of Illinois at Urbana-Champaign.

URLhttps://publish.illinois.edu/science-of-security-lablet/files/2014/05/Towards-an-Unified-Security-Te...
Citation Keynode-23295

Other available formats:

Towards an Unified Security Testbed and Security Analytics Framework