My research interests are in the areas of Modeling and Recognition of Cyber Attacks, Scalable Detection of Cyber Attacks, Network Hardening, and Moving Target Defense.
One of the primary objectives of my research is to find efficient solutions to the problem of reducing massive amounts of raw data to a manageable amount of actionable intelligence. Additionally, with today's extensive availability of real-time data, many applications require the ability to monitor a large body of streaming data in real time in order to identify security threats.
Mission-Centric Operations within Vulnerable Networks
Large distributed networks are imperfect and vulnerable to multiple types of cyber attacks. This project aims at developing the theory and the algorithms required to securely operate missions on such networks. In order to achieve this innovative capability, three important questions must be addressed:
(1) How do we select the set of computational resources that is most suitable to securely execute a mission? (2) How do we protect such a set of resources? (3) How do we respond to incidents involving one or more of these resources? These problems are inherently complex, and exact solutions cannot be computed efficiently. The use of approximation schemes to find suboptimal solutions in a time-effective manner will be investigated.
When security incidents occur, the top three questions security administrators ask are: What has happened? Why did it happen? What should I do? Answers to the first two questions form the core of Cyber Situation Awareness. My main contribution to this project consists of providing the capability to answer the first question efficiently. Indeed, the question becomes: What is happening? Attackers can exploit vulnerabilities to incrementally penetrate a network and compromise critical systems. The enormous amount of raw security data involved in the process and the complex interdependencies among vulnerabilities make manual analysis extremely labor-intensive and error-prone. To address this important problem, I proposed an automated framework to manage very large attack graphs and analyze high volumes of incoming alerts to detect occurrences of known attack patterns in real time.
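As an added illustration of the idea (not code from the framework described above), the following single-pass correlator matches a stream of alerts against a small, constructed attack graph: an alert only counts as progress on a host if the steps the graph says must precede it are already in evidence for that host and still within a time window, so isolated alerts are discarded and only completed multi-step patterns are reported. The graph, the step names and the alert stream are all assumptions made for this example.

```python
from collections import defaultdict
from dataclasses import dataclass

# Constructed attack graph (an assumption for this example): each step maps to the
# steps that must already have been observed on the same host. "exfil" is the goal.
ATTACK_GRAPH = {
    "scan": set(),
    "web_exploit": {"scan"},
    "priv_esc": {"web_exploit"},
    "exfil": {"priv_esc"},
}
WINDOW = 600  # seconds; evidence older than this no longer supports the next step


@dataclass
class Alert:
    ts: int     # seconds since stream start
    host: str   # target host the alert refers to
    step: str   # attack-graph step the sensor believes it observed


def correlate(alerts, graph=ATTACK_GRAPH, goal="exfil", window=WINDOW):
    """Single pass over the alert stream; returns (host, ts) for each completed pattern.
    State is one timestamp per (host, step), so memory grows with hosts and graph size,
    not with alert volume, which is what lets this run over a high-rate stream."""
    evidence = defaultdict(dict)  # host -> {step: ts of last accepted alert}
    detections = []
    for a in alerts:
        if a.step not in graph:
            continue  # unknown step: not part of any known pattern, dropped as noise
        state = evidence[a.host]
        for s in [s for s, t in state.items() if a.ts - t > window]:
            del state[s]  # discard stale evidence before evaluating this alert
        if not graph[a.step].issubset(state):
            continue  # prerequisites not in evidence: an out-of-context alert
        state[a.step] = a.ts
        if a.step == goal:
            detections.append((a.host, a.ts))
    return detections


SAMPLE_ALERTS = [  # constructed alert stream for this example
    Alert(0, "10.0.0.5", "scan"),
    Alert(30, "10.0.0.5", "web_exploit"),
    Alert(45, "10.0.0.9", "priv_esc"),      # no prior steps on this host: ignored
    Alert(120, "10.0.0.5", "priv_esc"),
    Alert(200, "10.0.0.5", "exfil"),        # completes the pattern on 10.0.0.5
    Alert(900, "10.0.0.9", "scan"),
    Alert(2000, "10.0.0.9", "web_exploit"), # scan is outside the window: ignored
]

if __name__ == "__main__":
    print(correlate(SAMPLE_ALERTS))  # [('10.0.0.5', 200)]
```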