- Network Security and Intrusion Detection
- Advanced Malware Detection Techniques
- Software-Defined Networks and 5G
- Internet Traffic Analysis and Secure E-voting
- Security and Verification in Computing
- Software System Performance and Reliability
- Spam and Phishing Detection
- Information and Cyber Security
- Anomaly Detection Techniques and Applications
- Cloud Computing and Resource Management
- Software Engineering Research
- Opportunistic and Delay-Tolerant Networks
- Data Quality and Management
- Web Application Security Vulnerabilities
- Bluetooth and Wireless Communication Technologies
- Simulation Techniques and Applications
- Cloud Data Security Solutions
- Caching and Content Delivery
- Physical Unclonable Functions (PUFs) and Hardware Security
- Distributed and Parallel Computing Systems
- Advanced Memory and Neural Computing
- Complex Network Analysis Techniques
- IPv6, Mobility, Handover, Networks, Security
- Network Traffic and Congestion Control
- Cryptography and Data Security
SRI International
2015-2024
Menlo School
2013-2024
Kwangwoon University
2023
Korea Advanced Institute of Science and Technology
2023
Incheon National University
2023
Dankook University
2023
Texas A&M University
2013-2023
Mitchell Institute
2013
The Aerospace Corporation
1995-2003
University of California, Santa Barbara
1991-2003
The paper presents a new approach to representing and detecting computer penetrations in real time. The approach, called state transition analysis, models penetrations as a series of state changes that lead from an initial secure state to a target compromised state. State diagrams, the graphical representation of penetrations, identify precisely the requirements for compromise of the penetration and present only the critical events that must occur for the successful completion of the penetration. State diagrams are written to correspond to the states of an actual system, and these form the basis...
Among the leading reference implementations of the Software Defined Networking (SDN) paradigm is the OpenFlow framework, which decouples the control plane into a centralized application. In this paper, we consider two aspects that pose security challenges, and propose solutions that could address these concerns. The first challenge is the inherent communication bottleneck that arises between the control plane and the data plane, which an adversary could exploit by mounting a "control saturation attack" that disrupts network operations. Indeed, even well-mined...
AI techniques play an important role in automated malware classification. Several machine-learning methods have been applied to classify or cluster malware into families, based on different features derived from dynamic review of the malware. While these approaches demonstrate promise, they are themselves subject to a growing array of countermeasures that increase the cost of capturing binary features. Further, feature extraction requires a time investment per binary that does not scale well to the daily volume of malware instances being...
Within the hierarchy of the Software Defined Network (SDN) network stack, the control layer operates as a critical middleware facilitator of interactions between the data plane and the applications, which govern flow routing decisions. In the OpenFlow implementation of the SDN model, this layer, commonly referred to as a network operating system (NOS), has been realized by a range of competing implementations that offer various performance and functionality advantages: Floodlight, POX, NOX, ONIX. In this paper we focus on the question of resilience, when...
The paper describes an expert system development toolset called the Production-Based Expert System Toolset (P-BEST) and how it is employed in the development of a modern generic signature analysis engine for computer network misuse detection. For more than a decade, earlier versions of P-BEST have been used in intrusion detection research and in some of the most well known systems, but this is the first time the principles of the language are described to a wide audience. We present rule sets for detecting subversion methods against which there are few...
Web-based surreptitious malware infections (i.e., drive-by downloads) have become the primary method used to deliver malicious software onto computers across the Internet. To address this threat, we present a browser-independent operating system kernel extension designed to eliminate drive-by installations. The BLADE (Block All Drive-by download Exploits) system asserts that all executable files delivered through browser downloads must result from explicit user consent and transparently redirects every unconsented...
The OpenFlow (OF) switching specification represents an innovative and open standard for enabling the dynamic programming of flow control policies in production networks. Unfortunately, thus far researchers have paid little attention to the development of methods for verifying that the flow policies inserted within the network do not violate the network's underlying security policy. We introduce Flover, a model checking system which verifies that the aggregate of instantiated flow policies does not violate the network's security policy. We implemented Flover using the Yices SMT solver, and we then...
Emerging software defined network (SDN) stacks have introduced an entirely new attack surface that is exploitable from a wide range of launch points. Through analysis of the various strategies reported in prior work, and through our own efforts to enumerate variant strategies, we gained two insights. First, we observe that different SDN controller implementations, developed independently by different groups, seem to manifest common sets of pitfalls and design weaknesses that enable the extensive set of attacks compiled in this paper....
A new approach to representing computer penetrations is introduced, called penetration state transition analysis. This models penetrations as a series of state transitions described in terms of signature actions and state descriptions. State diagrams are written to correspond to the states of an actual system, and these form the basis of a rule-based expert system for detecting penetrations, referred to as STAT.
We consider the problem of identifying obscure chat-like botnet command and control (C & C) communications, which are indistinguishable from human-human communication using traditional signature-based techniques. Existing passive-behavior-based anomaly detection techniques are limited because they either require monitoring multiple bot-infected machines that belong to the same botnet or require monitoring for extended times. In this paper, we explore the potential use of active probing in a network middle-box as a means to augment...