TY - GEN
T1 - TRACTION: an infrastructure for Trusted Alert Sharing and Collaborative Mitigation
AU - Chung, Keywhan
AU - Cao, Phuong
AU - Wu, Yuming
AU - Kalbarczyk, Zbigniew T.
AU - Iyer, Ravishankar K.
AU - Withers, Alexander
N1 - Funding Information:
In designing TRACTION, we have used live traffic at NCSA to test the prototypes of individual components that will constitute the cornerstones of our design. The next step is to define an interface logic to allow for proper information flow among the components and across the sites. Acknowledgments: This material is based upon work supported by the National Science Foundation under Grant No. 15-35070. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the National Science Foundation.
PY - 2019/4/1
Y1 - 2019/4/1
N2 - Advanced Persistent Threats (APTs) are among the most sophisticated attacks targeting networked systems. Instead of exploiting a single vulnerability, an APT uses multiple attack vectors to achieve its objectives and may remain undetected for an extended period of time by staying under the radar of the defender's detection techniques. Such threats are not only growing in scale but also coordinating to attack high-value sites, including both cyber and physical systems. As coordinated APTs are hard to detect with the limited data that can be collected from a single site, there is a need to enrich the observation of attacks by sharing information on monitored events with trusted sites. In this paper, we present our preliminary design of a new and unique shared infrastructure, TRACTION (Trusted Alert Sharing and Collaborative Mitigation), which at its core is a probabilistic graphical model, specifically a distributed factor graph (DFG) anchored at each site by a local FG. The DFG provides an umbrella for automated and secure threat intelligence sharing. The overarching goal is to perform analysis and stop coordinated APTs in a manner previously not possible. Our initial design, at the scale of a single site, has been demonstrated in a production network at the National Center for Supercomputing Applications (NCSA) [1] at the Univ. of Illinois [3].
KW - Cyber Security
KW - Intrusion detection
KW - Security data sharing
UR - http://www.scopus.com/inward/record.url?scp=85068765560&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85068765560&partnerID=8YFLogxK
U2 - 10.1145/3314058.3317292
DO - 10.1145/3314058.3317292
M3 - Conference contribution
AN - SCOPUS:85068765560
T3 - ACM International Conference Proceeding Series
BT - Proceedings of the 6th Annual Symposium on Hot Topics in the Science of Security, HotSoS 2019
PB - Association for Computing Machinery
T2 - 6th Annual Symposium on Hot Topics in the Science of Security, HotSoS 2019
Y2 - 1 April 2019 through 3 April 2019
ER -