Automated Early Warning System for Cyber Intrusion Detection
Principal Investigators: Richard Carley, Carnegie Mellon University
Years of Award: 2021 - 2023
Managing Service Agency: Office of Naval Research
We are pursuing a basic program of research to explore the best strategy for developing a cyber security monitor for end-user computing devices. We envision that this cyber-security monitor would periodically extract various features of the ongoing device operations at the hardware level and at other levels across the software stack (collectively, the feature vectors). It would classify the sequence of feature vectors as Normal or Abnormal using Machine Learning techniques, and it would include an interface that allows a properly trained human user to evaluate whether an Abnormal feature vector should be added to the Normal feature space or should be identified as an attack and quarantined.
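As an added illustration of the monitor loop just described (not code from the project), the sketch below scores each feature vector against a Normal baseline and routes every Abnormal verdict to a human reviewer who either widens the Normal space or quarantines the vector. The feature names, the z-score threshold and all sample values are constructed assumptions.

```python
"""Constructed sketch of the human-in-the-loop monitor: vectors are scored
against a learned Normal baseline and Abnormal ones go to a reviewer."""
from dataclasses import dataclass, field
from statistics import mean, pstdev

# Hypothetical features per sample: cache_miss_rate, branch_mispredict_rate,
# syscalls_per_sec, net_bytes_per_sec. Baseline = vectors accepted as Normal.
BASELINE = [(0.020, 0.010, 500, 20000), (0.022, 0.011, 520, 21000),
            (0.018, 0.009, 480, 19000), (0.021, 0.010, 510, 20500),
            (0.019, 0.010, 490, 19500)]

@dataclass
class Monitor:
    normal: list = field(default_factory=list)       # accepted Normal vectors
    quarantined: list = field(default_factory=list)  # vectors judged hostile
    threshold: float = 4.0                           # max tolerated z-score

    def _stats(self):
        # Per-feature (mean, std) over the current Normal space; guard std=0.
        return [(mean(c), pstdev(c) or 1e-9) for c in zip(*self.normal)]

    def score(self, vec):
        """Largest per-feature z-score of vec relative to the Normal baseline."""
        return max(abs(v - m) / s for v, (m, s) in zip(vec, self._stats()))

    def classify(self, vec):
        return "Normal" if self.score(vec) <= self.threshold else "Abnormal"

    def review(self, vec, decision):
        """Apply the human verdict on an Abnormal vector."""
        if decision == "accept":
            self.normal.append(vec)          # widens the Normal feature space
        elif decision == "quarantine":
            self.quarantined.append(vec)
        else:
            raise ValueError(f"unknown decision {decision!r}")

def run(monitor, sequence, reviewer):
    """Classify each vector; Abnormal ones go to reviewer(vec, score), which
    returns 'accept' or 'quarantine'. Returns a list of (verdict, decision)."""
    log = []
    for vec in sequence:
        verdict, decision = monitor.classify(vec), None
        if verdict == "Abnormal":
            decision = reviewer(vec, monitor.score(vec))
            monitor.review(vec, decision)
        log.append((verdict, decision))
    return log
```

Accepting a vector changes the baseline statistics, so a new but legitimate workload stops being flagged once the reviewer accepts it, while a quarantined vector never widens the Normal space.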
Further, we will study ways a community of human users can collaborate in the detection of attacks and share information about feature vectors at a level that is universal among users and their devices. In order to carry out this research, we propose to develop a hierarchical simulation strategy that will model the extraction of feature vectors from various computing devices in response to particular instruction streams, and that will model the behavior of human users who have been given certain instructions and training about how to respond to questions from the cyber security monitor. Finally, we propose to extend the simulation framework to allow research on how best to share information between the cyber-security monitors in the devices of a networked community.