New research method identifies stealth attacks on complicated computer systems

Xiaokui Shu and Daphne Yao

Blacksburg, VA, October 15 - Imagine millions of lines of instructions. Then try to picture how one extremely tiny anomaly could be found in almost real time to prevent a cyber security attack.

A trio of Virginia Tech computer scientists has tested their innovation, called a "program anomaly detection approach," against many real-world attacks.

One type of attack occurs when an adversary is able to remotely access a computer, bypassing authentication such as a login screen. A second example is called heap feng shui, in which attackers hijack the control of a browser by manipulating its memory layout. Another example is called directory harvesting, in which spammers interact with vulnerable mail servers to steal valid email addresses.

The prototype developed by the Virginia Tech scientists proved to be effective and reliable at detecting these types of attacks, with a false positive rate as low as 0.01 percent.

Their findings were reported this week in a presentation at the 22nd Association for Computing Machinery (ACM) Conference on Computer and Communications Security, in Denver, Colorado.

"Our work, in collaboration with Naren Ramakrishnan, is titled 'Unearthing Stealthy Program Attacks Buried in Extremely Long Execution Paths,'" said Danfeng (Daphne) Yao, associate professor of computer science at Virginia Tech. Xiaokui Shu, a computer science doctoral student of Anqing, China, advised by Yao, was the first author.

"Stealthy attacks buried in long execution paths of a software program cannot be revealed by examining fragments of the path," said Yao, who holds the title of the L-3 Communications Cyber Faculty Fellow of Computer Science.

"Modern exploits have manipulation tactics that hide them from existing detection tools. An example is an attacker who overwrites one of the variables before the actual authentication procedure," Yao explained. "As a result, the attacker bypasses critical security control and logs in without authentication."

Over time, these stealthy attacks on computer systems have just become more sophisticated.

The Virginia Tech computer scientists' secret formula in finding a stealth attack is in their algorithms. With specific matrix-based pattern recognition, the three were able to analyze the execution path of a software program and discover correlations among events. "The idea is to profile the program's behavior, determine how often some events are supposed to occur, and with which other events, and use this information to detect anomalous activity," Ramakrishnan said.

"Because the approach works by analyzing the behavior of computer code, it can be used to study a variety of different attacks," Yao added. Their anomaly detection algorithms were able to detect erratic program behaviors with very low false alarms even when there are complex and diverse execution patterns.
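The profiling idea described above, reduced to a toy detector as an added example (not code from the Virginia Tech prototype or the paper): it learns from constructed traces of a hypothetical login daemon which call events share a run and how often each occurs, then checks a run whose short fragments all look normal. The event names, the `slack` threshold and the whole-trace profile are assumptions made for illustration.

```python
from collections import Counter
from itertools import combinations

def build_profile(traces):
    """Learn the events seen, which pairs share a trace, and each event's peak count."""
    counts = [Counter(t) for t in traces]
    events = set().union(*counts)
    pairs = {frozenset(p) for c in counts for p in combinations(sorted(c), 2)}
    peak = {e: max(c[e] for c in counts) for e in events}
    return events, pairs, peak

def detect(trace, profile, slack=2.0):
    """Return alerts for unknown events, excess frequency, and unseen co-occurrence."""
    events, pairs, peak = profile
    c = Counter(trace)
    alerts = []
    for e in sorted(c):
        if e not in events:
            alerts.append(("unknown-event", e))
        elif c[e] > slack * peak[e]:
            alerts.append(("frequency", e))
    known = [e for e in sorted(c) if e in events]
    for a, b in combinations(known, 2):
        if frozenset((a, b)) not in pairs:
            alerts.append(("co-occurrence", (a, b)))
    return alerts

def unseen_ngrams(trace, traces, n=3):
    """Short-window baseline: n-grams of the trace never seen in training."""
    grams = lambda t: {tuple(t[i:i + n]) for i in range(len(t) - n + 1)}
    return grams(trace) - set().union(*map(grams, traces))

# Constructed call events ("caller>callee") for a hypothetical login daemon.
def ok(n):    # successful login followed by n polling calls
    return ["main>read_user", "main>verify", "verify>hash"] + ["main>poll"] * n + ["main>grant", "grant>shell"]

def fail(n):  # rejected login
    return ["main>read_user", "main>verify", "verify>hash", "verify>log_fail"] + ["main>poll"] * n + ["main>close"]

TRAINING = [ok(3), ok(5), fail(4), fail(6)]
PROFILE = build_profile(TRAINING)
# Constructed anomaly: verification fails, yet a session is granted later in the same run.
BYPASS = fail(5)[:-1] + ["main>grant", "grant>shell"]

if __name__ == "__main__":
    print("unseen 3-grams:", unseen_ngrams(BYPASS, TRAINING))
    for alert in detect(BYPASS, PROFILE):
        print(alert)
```

The 3-gram baseline reports nothing for the constructed run because every fragment of it appears in training, while the whole-trace profile reports that a failed verification and a granted session never shared a run.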

Yao and Ramakrishnan have lengthy portfolios in the study of malicious software and data mining.

In 2014, Yao received a U.S. Army Research Office Young Investigator award to detect anomalies that are caused by system compromises and malicious insiders. This award allowed her to design big data algorithms that focused on discovering logical relations among human activities. In 2010 she won a National Science Foundation CAREER award to develop software that differentiated human-user computer interaction from that of malware, commonly known as malicious software.

Ramakrishnan, who holds the Thomas L. Phillips Professorship of Engineering, directs Virginia Tech's Discovery Analytics Center, supported by the Institute for Critical Technology and Applied Science. A Distinguished Scientist of the ACM, Ramakrishnan has concentrated his research on data mining, the science of processing massive quantities of data to discover patterns and to produce new insights.

The Office of Naval Research and the Army Research Office supported this new work.

The College of Engineering at Virginia Tech is internationally recognized for its excellence in 14 engineering disciplines and computer science. The college's 7,800 undergraduates benefit from an innovative curriculum that provides a "hands-on, minds-on" approach to engineering education, complementing classroom instruction with two unique design-and-build facilities and a strong Cooperative Education Program. With more than 50 research centers and numerous laboratories, the college offers its 2,300 graduate students opportunities in advanced fields of study such as biomedical engineering, state-of-the-art microelectronics, and nanotechnology. Virginia Tech, the most comprehensive university in Virginia, is dedicated to quality, innovation, and results to the commonwealth, the nation, and the world.

 
