Research Assistants: J. Balasubramani, A. Bilger, H. Chang, D. Cole, M. Crosbie, B. Dole, W. Du, T. Ellis, L. Feinstein, C. Flack, C. Gray, S. Kazi, E. Kidder, B. Kopetsky, G. Krishnan, I. Krsul, M. Kuhn, T. Lane, S. W. Lodin, R. Marynowkski, T. Mastin, M. Miller, K. Nataraj, L. Nelson, L. Praza, K. Price, C. Schuba, S. Shah, K. F. Stein, A. Sundaram, T. Tuglular, A. Voss, D. Wang, K. Watson, K. Zamboni
Sponsors: DARPA, NSA
The goal of the proposed research is to develop pattern matching techniques and software for audit data reduction, and for anomaly and misuse detection in computer systems.
There are three broad subgoals:
The audit storage research deals with how such audit data may be stored such that it has minimal impact on local storage, but can be easily provided as input to an intrusion detection system or monitor. The compression of audit trail data should be tamper-resistant: That storage may be "signed" or monitored so that tampering will be evident (including the "signing" of distributed audit data collected centrally).
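One concrete way to make compressed audit storage tamper-evident in the sense described above is to hash-chain the records and authenticate the chain head with a keyed MAC. The following is an added illustration, not code from this project: it assumes a SHA-256 hash chain, an HMAC key that the audited host does not itself hold (so a local attacker cannot re-sign), and zlib compression of the whole trail. The record layout, the key and the sample events are constructed for the demonstration. Editing a record, dropping one from the middle, or truncating the end of the trail are all detected; note that the trailing HMAC is what catches truncation, since a shortened chain is internally consistent.

```python
import hashlib
import hmac
import json
import zlib

# Hash chain starts from a fixed all-zero digest (assumption for this example).
GENESIS = b"\x00" * 32


def record_digest(prev_digest: bytes, record: dict) -> bytes:
    """Digest of one record, bound to the digest of the record before it."""
    payload = json.dumps(record, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(prev_digest + payload).digest()


def build_trail(records, key: bytes) -> bytes:
    """Chain, sign (HMAC over the chain head) and compress a list of audit records."""
    prev = GENESIS
    entries = []
    for rec in records:
        prev = record_digest(prev, rec)
        entries.append({"record": rec, "digest": prev.hex()})
    tag = hmac.new(key, prev, hashlib.sha256).hexdigest()
    blob = json.dumps({"entries": entries, "tag": tag}).encode()
    return zlib.compress(blob)


def verify_trail(blob: bytes, key: bytes):
    """Return (ok, records). ok is False if a record was altered, dropped,
    reordered, or the trail was truncated or signed under another key."""
    doc = json.loads(zlib.decompress(blob))
    prev = GENESIS
    records = []
    for entry in doc["entries"]:
        prev = record_digest(prev, entry["record"])
        if prev.hex() != entry["digest"]:
            return False, records          # chain broken at this entry
        records.append(entry["record"])
    expected = hmac.new(key, prev, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, doc["tag"]), records


# Helpers that model the two tampering cases the verifier must catch.
def simulate_edit(blob: bytes, index: int, field: str, value) -> bytes:
    """Modify one stored record in place, leaving the stored digests untouched."""
    doc = json.loads(zlib.decompress(blob))
    doc["entries"][index]["record"][field] = value
    return zlib.compress(json.dumps(doc).encode())


def simulate_truncate(blob: bytes) -> bytes:
    """Drop the last record; the remaining chain is self-consistent but the tag is not."""
    doc = json.loads(zlib.decompress(blob))
    doc["entries"].pop()
    return zlib.compress(json.dumps(doc).encode())


# Constructed sample audit events (not real data).
SAMPLE_RECORDS = [
    {"ts": 1, "uid": 1001, "event": "login", "tty": "pts/0"},
    {"ts": 2, "uid": 1001, "event": "exec", "cmd": "/bin/ls"},
    {"ts": 3, "uid": 0, "event": "exec", "cmd": "/usr/sbin/useradd"},
]
# Constructed key; in a deployment it would live with the collector, not the host.
KEY = b"constructed-demo-key-not-for-real-use"


def demo():
    """Return (intact_ok, edited_ok, truncated_ok) for the sample trail."""
    blob = build_trail(SAMPLE_RECORDS, KEY)
    intact_ok, _ = verify_trail(blob, KEY)
    edited_ok, _ = verify_trail(simulate_edit(blob, 2, "uid", 1001), KEY)
    truncated_ok, _ = verify_trail(simulate_truncate(blob), KEY)
    return intact_ok, edited_ok, truncated_ok


if __name__ == "__main__":
    print(demo())  # (True, False, False)
```

The same scheme extends to distributed collection: each host chains and compresses its own trail, and the central collector verifies the chain and tag on arrival and re-signs the aggregate under its own key, so a host that is later compromised cannot silently rewrite what it already reported.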
Pattern matching techniques for the detection of intrusion and misuse raise new problems that were not considered in traditional pattern matching settings.