In this EAGER project, the University of Arkansas at Pine Bluff is carrying out a preliminary investigation into automatic intrusion detection and response for cyberinfrastructure-oriented systems. The aim of the project is to develop an extendable framework to automatically evaluate, measure, and rate security threats, i.e. intrusions within complex network systems linked together via cyberspace using software and hardware. The cyberinfrastructure consists of computing systems, data storage systems, data repositories and advanced instruments, and visualization environments, linked together by software and advanced networks to improve scientific productivity and enable breakthroughs not otherwise possible. The framework will be designed to operate as an active/programmable component of existing systems that will be automated, dynamic and adaptive. In addition, the project will use intrusion data from the University of Arkansas at Little Rock, Center for Excellence for Assurance, Security, and Software Usability, Research, and Education (ASSURE) to construct visual representations of intrusion behavior patterns and predictive models to forecast future attacks on such systems. 
The project is a targeted exploratory project that is novel and has potentially significant value for the computer/network security and information assurance communities within five core areas as they relate to cyberinfrastructure resource security: (1) developing a unifying quantitative system for intrusions within cyberinfrastructure-oriented systems, (2) developing mechanisms to automatically appraise intrusions within cyberinfrastructure-oriented systems, (3) developing security visualization models to represent intrusions within cyberinfrastructure-oriented systems to allow for the classification and categorization of intrusion types, (4) expanding the expertise of faculty members at teaching-oriented universities within the domain of cyberinfrastructure security, and (5) expanding the community of students exposed to cyberinfrastructure security concepts, theories, practices, and principles.

Intellectual Merit

The intellectual merit of the proposed AIDR-COS project is to carve out a flexible security framework to examine intrusions within cyberinfrastructure-oriented systems. The project involves a number of unique interdisciplinary research issues, such as identification of intrusion types within cyberinfrastructure-oriented systems, adaptive intrusion classification structures, dynamically generated solutions, and a unique quantitative measurement process. In addition, it involves the development of autonomous mechanisms based on automatic intrusion detection and response models to enable autonomous system adjustments depending on intrusion classes.

Broader Impacts

The broader impacts of this project include: (1) new collaborations to expand the research/education community within the domain of cyberinfrastructure security to include greater numbers of historically underrepresented minorities and teaching-oriented universities, (2) expanding the ability of organizations to integrate proven security solutions that harness available resources, thus extending the return on investment of the existing computing infrastructure and easing the integration of evolving cyberinfrastructure systems, (3) improving the ability of security engineers to develop security solutions for non-monolithic cyberinfrastructure systems, and (4) developing avenues for sharing knowledge and resources as innovation takes place within the domain of cyberinfrastructure security as it relates to automatic intrusion detection and classification, and cyber security.

Project Report

Computer and network security, i.e. cyber security, has become a matter of national security and of economic and social importance. Present-day attacks on the nation’s computer systems do not simply damage an isolated machine or disrupt an individual’s or a single enterprise’s system. Instead, modern attacks target infrastructure that is integral to the economy, national defense, and daily life. The Automatic Intrusion Detection and Response system for Cyberinfrastructure-Oriented Systems (AIDR-COS) project was designed to automatically evaluate, measure, and rate security threats, i.e. intrusions within complex network systems linked together via cyberspace by software and hardware. Our primary goal was to identify malicious multistage intrusion attacks. In our project we viewed intrusions as a plan recognition problem. Plan recognition is a common approach implemented in many sectors of cybersecurity in which an intruder’s actions or steps are mapped onto an intrusion scenario model, which indicates the intruder’s planning activities. The project was carried out in collaboration between the University of Arkansas at Pine Bluff, Computer Science Unit, and the University of Arkansas at Little Rock, Center for Excellence for Assurance, Security, and Software Usability, Research, and Education (ASSURE). The project has enhanced the scientific knowledge of the approaches utilized to combat the growing issue of intrusion in cyberinfrastructure-oriented systems. The project has also produced numerous research publications for both journals and conferences. It has also resulted in the creation of new curriculum, particularly an undergraduate course in network forensics and a graduate course in networking & security at the University of Arkansas at Pine Bluff. The project has also created a summer camp in network forensics at the University of Arkansas at Little Rock.

Agency: National Science Foundation (NSF)
Institute: Division of Computer and Network Systems (CNS)
Type: Standard Grant (Standard)
Application #: 1063831
Program Officer: Harriet Taylor
Project Start:
Project End:
Budget Start: 2010-10-15
Budget End: 2012-09-30
Support Year:
Fiscal Year: 2010
Total Cost: $149,910
Indirect Cost:

Name: University of Arkansas at Pine Bluff
Department:
Type:
DUNS #:
City: Pine Bluff
State: AR
Country: United States
Zip Code: 71601