Cyber Security

Advanced Technologies & Threat Intelligence for Cyber Security

Cyber Security Overview

Cyberspace and its underlying infrastructure are vulnerable to a wide range of risk stemming from both physical and cyber threats and hazards. Sophisticated cyber actors and nation-states exploit vulnerabilities to steal information and money and are developing capabilities to disrupt, destroy, or threaten the delivery of essential services. A range of traditional crimes are now being perpetrated through cyberspace. This includes the production and distribution of child pornography and child exploitation conspiracies, banking and financial fraud, intellectual property violations, and other crimes, all of which have substantial human and economic consequences.

Cyberspace is particularly difficult to secure due to a number of factors: the ability of malicious actors to operate from anywhere in the world, the linkages between cyberspace and physical systems, and the difficulty of reducing vulnerabilities and consequences in complex cyber networks. Of growing concern is the cyber threat to critical infrastructure, which is increasingly subject to sophisticated cyber intrusions that pose new risks. As information technology becomes increasingly integrated with physical infrastructure operations, there is increased risk for wide scale or high-consequence events that could cause harm or disrupt services upon which our economy and the daily lives of millions of Americans depend. In light of the risk and potential consequences of cyber events, strengthening the security and resilience of cyberspace has become an important homeland security mission.

Security Analytical Tools & Platforms
  • Big Data, advanced analytics for cyber security
  • Behavior analytics, Machine Learning, AI
  • Attack forensics and automated incident analysis
Adaptive to Best Practices
  • Implementing risk-based security framework
  • Security compliance, risk management, and policies
  • Automation impact on security management
Threat Intelligence Sharing
  • Cooperation with external partners
  • Regulators' initiatives
  • Threat sharing tools
  • Structured threat analysis information standards

View IFT’s Cyber Security Publications

Cyber Security @ IFT

A Network Sensor-Based Defense Framework for Active Network Security Situation Awareness and Impact Mitigation

Networking technologies have given rise to today’s worldwide social, business, and military networks, and commercial networks in the United States have been growing explosively. Because these networks are vulnerable to various types of attacks, there is an urgent need for cyber security. Cyber-attacks are increasing in frequency, impact, and complexity, which demonstrates extensive network vulnerabilities with the potential for serious damage. For example, an attacker can hack into military sites’ information systems from the cyber network, causing significant impact through various attack techniques, including worm/malware propagation, botnets, low-rate distributed denial-of-service (DDoS), and various insider threats. State-sponsored hackers are attacking private-sector and high-profile government assets online. Organized criminal networks are preying on vulnerable Internet users to make money from identity theft, fraud, and data hostage schemes using botnets that are remotely and stealthily controlled by a master through stepping-stone communication channels. Defending against these cyber attacks calls for network security situation awareness (SA) through distributed, collaborative monitoring, detection, and mitigation. Such a system should be able to characterize, track, and mitigate security threats in a timely fashion. Note that SA is generally described as “knowing what is going on around the system and, within that knowledge of surroundings, being able to identify which events in those surroundings are important”. SA is also key to the ability to predict the adversary’s intention and is important to cyber security.

Cyber Security Schematic

System Architecture of Proposed Defense Framework for Active Network Security Situation Awareness and Impact Mitigation

This project effort resulted in a prototype system based on the proposed network sensor-based defense framework for active network security situation awareness and impact mitigation. Our designed system includes four main components: (i) optimally configured and deployed network sensors; (ii) effective anomaly detection algorithms; (iii) a game-theoretic inference engine to conduct impact estimation and evaluation of mitigation strategies; and (iv) a multi-viewer-based visualization. To demonstrate the feasibility of our designed system in real-world practice, we developed a cyber-security testbed with three subnets: outside attackers; a production network with Snort and HoneyD deployed, database servers based on MySQL (My Structured Query Language), and Web servers; and simulated insider attackers. In addition, we developed advanced anomaly detection and moving target defense (MTD) techniques to improve system resilience and agility, game theory-enabled impact mitigation and damage assessment, and visualization for cyber-security information, and we enhanced the testbed to integrate the developed modules.

3D Traffic Visualization and Graphical User Interface (GUI)

Demonstration

The following shows our enhanced cyber-defense testbed architecture with its three-player game-theoretic analysis module. In detail, the game analysis reasons about the interactions between attackers, passive sensors, and active sensors. The passive sensor, Snort, acts as one player interacting with an attacker; dynamic strategies are selected as Snort detects malicious behaviors of different priorities. A honeynet acts as another player (one that can be camouflaged in the network) to help the passive sensors detect cyber-attacks. The use of a honeynet as a third player in the game model is distinctive: few research studies or published papers use a three-player model. For cyber research, game theory is a relatively new application, and the use of a honeynet is a unique aspect of the work that enhances game-theoretic developments over active and passive sensors.

Network Sensor-Based Testbed with 3-Player Game-Theoretical Analysis
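The two passages above describe a game-theoretic inference engine that turns sensor evidence into a choice among mitigation strategies, and a passive sensor (Snort) whose response is selected according to the priority of the malicious behavior it detects. The following is an added example, not IFT's code or the testbed's own implementation, that sketches that loop end to end: it parses Snort alert_fast lines (a real output format; the alert lines themselves are constructed), treats the alert priority as evidence about what the attacker is currently doing, and then picks the defender action (log, divert to the honeynet, or block) with the highest expected payoff. The payoff matrix, the priority-to-belief table and the action names are assumptions made for illustration, not values from the page.

```python
"""Added example: priority-driven response selection over Snort alert_fast lines,
evaluated as a small attacker-vs-defender game. Not IFT's code; all numbers and
alert lines below are constructed for illustration."""
import re
from dataclasses import dataclass

# Snort "alert_fast" line layout (real format). Alert lines in SAMPLE_ALERTS are constructed.
SNORT_FAST = re.compile(
    r"^(?P<ts>\S+)\s+\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s*(?P<cls>[^\]]*)\]\s+)?"   # classification is optional in Snort output
    r"\[Priority:\s*(?P<prio>\d+)\]\s+"
    r"\{(?P<proto>\w+)\}\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+)$"
)


@dataclass(frozen=True)
class Alert:
    sid: int
    msg: str
    priority: int
    proto: str
    src: str
    dst: str


def parse_fast_alert(line):
    """Parse one alert_fast line; return None for lines that do not match the format."""
    m = SNORT_FAST.match(line.strip())
    if m is None:
        return None
    return Alert(int(m["sid"]), m["msg"], int(m["prio"]), m["proto"], m["src"], m["dst"])


# Players: the attacker chooses one of ATTACKER_ACTIONS; the defender side (passive sensor
# plus honeynet) chooses one of DEFENDER_ACTIONS. Both action sets are assumptions.
ATTACKER_ACTIONS = ("recon", "exploit", "exfiltrate")
DEFENDER_ACTIONS = ("log_only", "divert_to_honeynet", "block_source")

# Constructed defender payoff matrix: DEFENDER_PAYOFF[defender_action][attacker_action].
# Positive = damage avoided or intelligence gained; negative = damage suffered, or the
# service-disruption / lost-intelligence cost of an over-aggressive response.
DEFENDER_PAYOFF = {
    "log_only":           {"recon":  2, "exploit": -6, "exfiltrate": -10},
    "divert_to_honeynet": {"recon": -1, "exploit":  5, "exfiltrate":   1},
    "block_source":       {"recon": -3, "exploit":  4, "exfiltrate":   6},
}

# Constructed belief about the attacker's current action given the Snort priority of the
# observed alert (1 = most severe). This is the inference step: the alert is evidence,
# not a direct command to respond in a fixed way.
BELIEF_GIVEN_PRIORITY = {
    1: {"recon": 0.10, "exploit": 0.50, "exfiltrate": 0.40},
    2: {"recon": 0.40, "exploit": 0.50, "exfiltrate": 0.10},
    3: {"recon": 0.85, "exploit": 0.10, "exfiltrate": 0.05},
}


def expected_payoff(defender_action, belief):
    row = DEFENDER_PAYOFF[defender_action]
    return sum(belief[a] * row[a] for a in ATTACKER_ACTIONS)


def best_response(belief):
    """Defender action that maximises expected payoff under the given belief."""
    return max(DEFENDER_ACTIONS, key=lambda d: expected_payoff(d, belief))


def maximin_response():
    """With no alert evidence at all, pick the action whose worst case is least bad."""
    return max(DEFENDER_ACTIONS, key=lambda d: min(DEFENDER_PAYOFF[d].values()))


def recommend(alert):
    """Return (action, expected_payoff) for one alert; priorities outside 1..3 clamp to the nearest row."""
    prio = min(max(alert.priority, 1), 3)
    belief = BELIEF_GIVEN_PRIORITY[prio]
    action = best_response(belief)
    return action, expected_payoff(action, belief)


def triage(lines):
    """Run every parsable line through the inference step; unparsable lines are skipped."""
    out = []
    for line in lines:
        alert = parse_fast_alert(line)
        if alert is not None:
            out.append((alert.sid, alert.priority, recommend(alert)[0]))
    return out


# Constructed sample alerts (documentation-range addresses), one per Snort priority level,
# plus one non-alert line to show that the parser rejects it.
SAMPLE_ALERTS = [
    "01/15-10:23:45.123456  [**] [1:1000001:1] MISC ICMP echo request from unusual host [**] "
    "[Classification: Misc activity] [Priority: 3] {ICMP} 10.0.0.5 -> 10.0.1.10",
    "01/15-10:24:02.551200  [**] [1:1000010:1] SCAN Nmap SYN probe [**] "
    "[Classification: Attempted Information Leak] [Priority: 2] {TCP} 10.0.0.5:44321 -> 10.0.1.10:22",
    "01/15-10:25:17.007300  [**] [1:1000020:2] WEB-ATTACK SQL injection attempt in query string [**] "
    "[Classification: Web Application Attack] [Priority: 1] {TCP} 10.0.0.5:44400 -> 10.0.1.20:80",
    "-- snort restarted --",
]

if __name__ == "__main__":
    print("no evidence yet ->", maximin_response())
    for sid, prio, action in triage(SAMPLE_ALERTS):
        print(f"sid {sid} priority {prio} -> {action}")
```

With these constructed numbers the engine logs the priority-3 alert, diverts the priority-2 scan to the honeynet (the honeynet player gains intelligence while the exploit risk is contained), blocks the priority-1 web attack, and falls back to diversion when no alert has been seen, because that action has the least-bad worst case. Swapping in measured damage and false-positive costs for the constructed payoffs is what would turn this sketch into an impact-estimation step of the kind the framework describes.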
