Research
For an overview of our past research in this project, please see Highlights. See also Publications.
- Thrust 1: Detecting Malicious Activity
  The first step toward dealing with malicious activity on the Internet is to be aware of it. To that end, one of our major thrusts is in developing techniques that will enable system administrators and computer users to detect when malicious activity is being directed at their systems. The researchers involved are Dr. Knight, Dr. Lie, Dr. Van Oorschot, Dr. Somayaji, and Dr. Zulkernine.
  - Covert Communication Systems
  - Detecting Malicious HTTP Tunneling
  - Computer Network Defense Sensors
  - Aspect Oriented Programming for Intrusion Detection
  - Evaluating Security Systems
- Thrust 2: Mitigating Malicious Activity
  Once malicious activity has been detected, it is crucial that mechanisms exist to mitigate it and neutralize the attacker, preventing any damage to the computer system. Mitigation may involve containment of the attacker, or the protection of sensitive data and resources from the attacker despite a partial compromise of the computer system. The researchers involved in this thrust are Dr. Lie, Dr. Van Oorschot, Dr. Zulkernine and Dr. Somayaji.
  - Distributed Defenses Against DDoS Attacks
  - Diversity-based Traffic Management
  - Virtual Machine Monitor Support for Secure Commodity Systems
  - Using Multi-Processor Systems for Intrusion Prevention
- Thrust 3: Identifying Vulnerabilities
  In an effort to avoid the effects of malicious activity altogether, this thrust looks at identifying and removing vulnerabilities from our computing systems so that even if malicious activity goes undetected and unmitigated, it will not allow the attacker to harm the computer systems. The researchers involved are Dr. Chechik, Dr. Knight, Dr. Lie, Dr. Van Oorschot and Dr. Somayaji.
  - Static Analysis for Security Applications
  - Exposure Maps