An official website of the United States government
Here's how you know
A .gov website belongs to an official government organization in the United States.
A lock (lock ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Automated Early Warning System for Cyber Intrusion

PI: Richard Carley, Carnegie Mellon

Year Selected for Award: 2020

Automated Early Warning System for Cyber Intrusion Detection

Principal Investigators: Richard Carley, Carnegie Mellon University

Years of Award:  2021 - 2023

Managing Service Agency: Office of Naval Research

Project Description:
We are pursuing a basic program of research to explore the best strategy for developing a cyber security monitor for end-user computing devices.  We envision that said cyber-security monitor would periodically extract various features of the ongoing device operations at the hardware level and
at other levels across the software stack (collectively the feature vectors). It would classify the sequence of feature vectors as Normal or Abnormal using Machine Learning techniques. And, it would include an interface to allow the properly trained human user to evaluate whether an Abnormal feature should be added to the Normal feature space or should be identified as an attack and quarantined.

Further, we will study ways a community of human users can collaborate in the detection of attacks and share information about feature vectors at a level that is universal among users and their devices. In order to carry out this research, we propose to develop a hierarchical simulation strategy that will model the extraction of feature vectors from various computing devices in response to particular instruction streams and that will model the behavior of human users that have been given certain instructions / training about how to respond to questions from the cyber security monitor. Finally, we propose to extend the simulation framework to allow research on how to best share information between the cyber-security monitors in the devices of a networked community.