Event Details
Event Name: GCCIS PhD Colloquium Series
Category: Academic/College Events
Sub Category: GCCIS
Description: Probabilistic Modeling and Inference for Obfuscated Network Attack Sequences

Presentation by:
Haitao Du

Abstract: Facing diverse network attack strategies and an overwhelming number of alerts, much work has been devoted to correlating observed malicious events with pre-defined scenarios, attempting to deduce the attack plans based on expert models of how network attacks may transpire. Sophisticated attackers can, however, employ a number of obfuscation techniques to confuse the alert correlation engine or classifier. Recognizing the need for a systematic analysis of the impact of attack obfuscation, our work models attack strategies as general finite-order Markov models and explicitly models obfuscated observations as noise. Taking into account that only a finite observation window and limited computational time can be afforded, this work develops an algorithm to efficiently perform inference on the joint distribution of clean and obfuscated attack sequences. The inference algorithm recovers the optimal match of obfuscated sequences to attack models, and enables a systematic and quantitative analysis of the impact of obfuscation on attack classification.

Bio: Haitao Du received his B.S. degree from the School of Telecommunications Engineering at Xidian University, China, in 2006. He is currently a Ph.D. candidate in Computing and Information Sciences at Rochester Institute of Technology. His research focuses on machine learning and data mining for network security related problems. He has worked on several projects with the Air Force Research Laboratory, DARPA, Boeing Phantom Works and Xerox Palo Alto Research Center (PARC). He has also held internships with CSX Transportation and Xerox Corporation.
Schedules: 05/02/2014   (11:00 AM - 12:00 PM)

Contact: Lorrie Jo Turner
Phone: 475-6193
Cost: Free