One size does not fit all: 10 years of applying context-aware security

Sushant Sinha; Michael Bailey; Farnam Jahanian

doi:10.1109/THS.2009.5168009

One size does not fit all: 10 years of applying context-aware security

Sushant Sinha, Michael Bailey, Farnam Jahanian

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Defenders of today's critical cyber-infrastructure (e.g., the Internet) are equipped with a wide array of security techniques including network-based intrusion detection systems (IDS), host-based anti-virus systems (AV), and decoy or reconnaissance systems such as host-based honeypots or network-based telescopes. While effective at detecting and mitigating some of the threats posed to critical infrastructure, the ubiquitous nature of malicious activity (e.g., phishing, spam, DDoS) on the Internet indicates that the current deployments of these tools do not fully live up to their promise. Over the past 10 years our research group has investigated ways of detecting and stopping cyber-attacks by using the context available in the network, host, and the environment. In this paper, we explain what exactly we mean by context, why it is difficult to measure, and what one can do with context when it is available. We illustrate these points by examining several studies in which context was used to enable or enhance new security techniques. We conclude with some ideas about the future of context-aware security.

Original language	English (US)
Title of host publication	2009 IEEE Conference on Technologies for Homeland Security, HST 2009
Pages	14-21
Number of pages	8
DOIs	https://doi.org/10.1109/THS.2009.5168009
State	Published - 2009
Externally published	Yes
Event	2009 IEEE Conference on Technologies for Homeland Security, HST 2009 - Waltham, MA, United States Duration: May 11 2009 → May 12 2009

Publication series

Name	2009 IEEE Conference on Technologies for Homeland Security, HST 2009

Other

Other	2009 IEEE Conference on Technologies for Homeland Security, HST 2009
Country/Territory	United States
City	Waltham, MA
Period	5/11/09 → 5/12/09

ASJC Scopus subject areas

Geography, Planning and Development
Law
Public Administration

Online availability

10.1109/THS.2009.5168009

Library availability

Discover UIUC Full Text

Cite this

One size does not fit all: 10 years of applying context-aware security. / Sinha, Sushant; Bailey, Michael; Jahanian, Farnam.
2009 IEEE Conference on Technologies for Homeland Security, HST 2009. 2009. p. 14-21 5168009 (2009 IEEE Conference on Technologies for Homeland Security, HST 2009).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Sinha, S, Bailey, M & Jahanian, F 2009, One size does not fit all: 10 years of applying context-aware security. in 2009 IEEE Conference on Technologies for Homeland Security, HST 2009., 5168009, 2009 IEEE Conference on Technologies for Homeland Security, HST 2009, pp. 14-21, 2009 IEEE Conference on Technologies for Homeland Security, HST 2009, Waltham, MA, United States, 5/11/09. https://doi.org/10.1109/THS.2009.5168009

@inproceedings{5526276f118b446296a42cddecc33b23,

title = "One size does not fit all: 10 years of applying context-aware security",

abstract = "Defenders of today's critical cyber-infrastructure (e.g., the Internet) are equipped with a wide array of security techniques including network-based intrusion detection systems (IDS), host-based anti-virus systems (AV), and decoy or reconnaissance systems such as host-based honeypots or network-based telescopes. While effective at detecting and mitigating some of the threats posed to critical infrastructure, the ubiquitous nature of malicious activity (e.g., phishing, spam, DDoS) on the Internet indicates that the current deployments of these tools do not fully live up to their promise. Over the past 10 years our research group has investigated ways of detecting and stopping cyber-attacks by using the context available in the network, host, and the environment. In this paper, we explain what exactly we mean by context, why it is difficult to measure, and what one can do with context when it is available. We illustrate these points by examining several studies in which context was used to enable or enhance new security techniques. We conclude with some ideas about the future of context-aware security.",

author = "Sushant Sinha and Michael Bailey and Farnam Jahanian",

year = "2009",

doi = "10.1109/THS.2009.5168009",

language = "English (US)",

isbn = "9781424441785",

series = "2009 IEEE Conference on Technologies for Homeland Security, HST 2009",

pages = "14--21",

booktitle = "2009 IEEE Conference on Technologies for Homeland Security, HST 2009",

note = "2009 IEEE Conference on Technologies for Homeland Security, HST 2009 ; Conference date: 11-05-2009 Through 12-05-2009",

}

TY - GEN

T1 - One size does not fit all

T2 - 2009 IEEE Conference on Technologies for Homeland Security, HST 2009

AU - Sinha, Sushant

AU - Bailey, Michael

AU - Jahanian, Farnam

PY - 2009

Y1 - 2009

N2 - Defenders of today's critical cyber-infrastructure (e.g., the Internet) are equipped with a wide array of security techniques including network-based intrusion detection systems (IDS), host-based anti-virus systems (AV), and decoy or reconnaissance systems such as host-based honeypots or network-based telescopes. While effective at detecting and mitigating some of the threats posed to critical infrastructure, the ubiquitous nature of malicious activity (e.g., phishing, spam, DDoS) on the Internet indicates that the current deployments of these tools do not fully live up to their promise. Over the past 10 years our research group has investigated ways of detecting and stopping cyber-attacks by using the context available in the network, host, and the environment. In this paper, we explain what exactly we mean by context, why it is difficult to measure, and what one can do with context when it is available. We illustrate these points by examining several studies in which context was used to enable or enhance new security techniques. We conclude with some ideas about the future of context-aware security.

AB - Defenders of today's critical cyber-infrastructure (e.g., the Internet) are equipped with a wide array of security techniques including network-based intrusion detection systems (IDS), host-based anti-virus systems (AV), and decoy or reconnaissance systems such as host-based honeypots or network-based telescopes. While effective at detecting and mitigating some of the threats posed to critical infrastructure, the ubiquitous nature of malicious activity (e.g., phishing, spam, DDoS) on the Internet indicates that the current deployments of these tools do not fully live up to their promise. Over the past 10 years our research group has investigated ways of detecting and stopping cyber-attacks by using the context available in the network, host, and the environment. In this paper, we explain what exactly we mean by context, why it is difficult to measure, and what one can do with context when it is available. We illustrate these points by examining several studies in which context was used to enable or enhance new security techniques. We conclude with some ideas about the future of context-aware security.

UR - http://www.scopus.com/inward/record.url?scp=70449641716&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=70449641716&partnerID=8YFLogxK

U2 - 10.1109/THS.2009.5168009

DO - 10.1109/THS.2009.5168009

M3 - Conference contribution

AN - SCOPUS:70449641716

SN - 9781424441785

T3 - 2009 IEEE Conference on Technologies for Homeland Security, HST 2009

SP - 14

EP - 21

BT - 2009 IEEE Conference on Technologies for Homeland Security, HST 2009

Y2 - 11 May 2009 through 12 May 2009

ER -

One size does not fit all: 10 years of applying context-aware security

Abstract

Publication series

Other

ASJC Scopus subject areas

Online availability

Library availability

Related links

Fingerprint

Cite this