About Nexat paper in ACSAC 2011

Last week, our group attended ACSAC 2011. The conference was held in the Buena Vista Palace, Orlando, Florida. I presented the Nexat paper, and the feedback was encouraging.

Nexat was a research project in collaboration with Casey Cipriano and Amir Houmansadr. Nexat tries to solve a problem that a typical security administrator faces today. Security administrators are normally overwhelmed by the volume of alerts their monitoring tools generate. They also cannot keep up with the stream of events and predict the next security-related events. As a result, administrators are usually reactive.

The root of this problem is that the security battlefield is not level. A single action by an attacker may cause thousands of alerts to be generated on the administrator's side. Nexat tries to level the field by inferring relationships between different sets of alerts. Nexat is able to detect related alerts (alerts that may be part of the same attack) and uses them to predict the next step of the attack. This way, Nexat lets administrators stay one step ahead of the attackers. Nexat does not require a priori knowledge about attacks, which allows it to detect and predict new types of attack as long as they are composed of detectable steps. We used the alerts generated by Snort during iCTF 2008.
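To make the idea of learning attack steps from an alert stream concrete, here is a small added example; it is not Nexat's own code or algorithm, and the alert data, the per-source sessionization with an idle gap, and the first-order transition model are all my own assumptions for illustration.

```python
from collections import Counter, defaultdict

# Constructed sample alerts, not real iCTF data: (time in seconds, source IP, Snort-style signature name)
SAMPLE_ALERTS = [
    (0, "10.0.0.5", "SCAN portsweep"),
    (12, "10.0.0.5", "SCAN portsweep"),
    (40, "10.0.0.5", "WEB sql injection attempt"),
    (75, "10.0.0.5", "WEB command execution"),
    (100, "10.0.0.9", "SCAN portsweep"),
    (130, "10.0.0.9", "WEB sql injection attempt"),
    (160, "10.0.0.9", "WEB command execution"),
    (900, "10.0.0.9", "SCAN portsweep"),  # long idle gap: treated as a new session
    (920, "10.0.0.9", "FTP anonymous login"),
]


def sessionize(alerts, gap=300):
    """Group alerts into per-source sessions, splitting when the source is idle
    longer than `gap` seconds; consecutive repeats of one signature are collapsed
    so a burst of identical alerts counts as a single step."""
    sessions = defaultdict(list)  # source IP -> list of sessions (lists of signatures)
    last_seen = {}
    for ts, src, sig in sorted(alerts):
        if src not in last_seen or ts - last_seen[src] > gap:
            sessions[src].append([])
        current = sessions[src][-1]
        if not current or current[-1] != sig:
            current.append(sig)
        last_seen[src] = ts
    return [s for per_source in sessions.values() for s in per_source]


def learn_transitions(sessions):
    """Count how often one alert signature is followed by another within a session.
    Nothing about the attacks is known up front; the model is learned from the stream."""
    model = defaultdict(Counter)
    for seq in sessions:
        for current, following in zip(seq, seq[1:]):
            model[current][following] += 1
    return model


def predict_next(model, last_signature, top=2):
    """Return the most likely next signatures after `last_signature`, with their
    empirical probabilities; an empty list means no step has ever followed it."""
    counts = model.get(last_signature)
    if not counts:
        return []
    total = sum(counts.values())
    return [(sig, n / total) for sig, n in counts.most_common(top)]
```

Run on the constructed data, a "SCAN portsweep" alert from a source predicts "WEB sql injection attempt" with probability 2/3, which is the kind of heads-up an administrator can act on before the next step lands.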

About azand

I'm a PhD student in computer security at the University of California, Santa Barbara.
This entry was posted in Systems Security.