Visible to the public TRACTION: An Infrastructure For TRusted Alert Sharing And Collaborative MitigaTION


Advanced Persistent Threats (APTs) are among the most sophisticated attacks targeting networked systems. Instead of exploiting a single vulnerability, an APT uses multiple attack vectors to achieve objectives and may remain undetected for an extended period of time by staying under the radar of the defender's detection techniques. Such threats are not only growing in scale but coordinating to attack high-value sites, including both cyber and physical systems. As coordinated APTs are hard to detect with the limited data that can be collected from a single site, there is a need to enrich the observation of attacks by sharing information on monitored events with trusted sites. In this paper, we present our preliminary design of a new and unique shared infrastructure, TRACTION (Trusted Alert Sharing and Collaborative Mitigation), which at its core is
a probabilistic graphical model, specifically, a distributed factor graph (DFG) anchored at each site by a local FG. The DFG provides an umbrella for automated and secure threat intelligence sharing. The overarching goal is to perform analysis and stop coordinated APTs in a manner previously not possible. Our initial design, at the scale of a single site, has been demonstrated in a production network at the National Center for Supercomputing Applications (NCSA) [1] at the Univ. of Illinois [3].


Keywhan Chung is a Ph.D. candidate at the University of Illinois with Professor Ravishankar Iyer and Professor Kalbarczyk. He received a B.S. degree in computer engineering from Purdue University and an M.S. degree in computer engineering from the University of Illinois. As a member of the DEPEND research group, his research focuses on developing efficient measures toward secure and reliable computer systems. His current work includes looking towards potential advanced threats such as indirect or smart attacks.

Creative Commons 2.5
Preview: Preview | Thumbnail | Medium | Image

Other available formats:     

TRACTION: An Infrastructure For TRusted Alert Sharing And Collaborative MitigaTION