In Partial Fulfillment of the Requirements for the Degree of Doctor of Philosophy
will defend his dissertation proposal
Intrusion Detections Based on Network Packets Latency and Hacker’s Behavior
With the tremendous increase in dependency on the Internet for data access, data breaches have become a serious threat to the security and privacy of individuals and organizations. Hackers have used various techniques to hide their identity by routing their traffic via stepping-stone hosts or anonymous networks. In our research, we propose several intrusion detection methods based on network packet latency and user behavior. In the past, hackers normally used previously compromised computers as intermediate hops to hide their identities. As circuit-based anonymous networks such as Tor emerge, it becomes much easier to go anonymous, since the traffic is automatically routed through several hidden relays. However, these extra traffic bounces inside Tor create unique latency patterns among network packets. Therefore, we propose an anonymous intrusion detection system that utilizes the latency information extracted from the packets. In addition to anonymous attacks, insider threats are the cause of the biggest security breaches, and they are very costly to remediate. The intruders or insiders often have valid system credentials, but perform malicious activities such as data exfiltration or system misuse on behalf of legitimate users. Presently, most related research relies only on the statistical features of either the network data packets or the victim's system log information. We hypothesize that a hacker's cyber behavior will differ from that of a normal user. To combat this threat, we model a user's cyber behavior with a user behavior-based temporal graph. With this model, we are able to detect intruders in the system by comparing a hacker's behavior against a normal user's behavior profile. Lastly, we propose a novel methodology that adopts deep learning models, such as Convolutional Neural Networks (CNN), to solve intrusion detection problems.
This methodology overcomes some of the deficiencies we have found in traditional machine learning algorithms, such as the lack of a full feature representation, the complexity of the problem, and the limitation to static classification applications. We evaluate our methodology on an existing dataset and show its strength in solving complex security problems. A single detection method may not be able to prevent data breaches with a high detection rate and a low false positive rate. The network-based and behavior-based techniques can be combined to achieve better detection results.
Date: Friday, January 11, 2019
Time: 3:00 PM
Place: PGH 550
Advisors: Dr. Stephen Huang
Faculty, students, and the general public are invited.