Project 331 (3rd year)
Intrusion Detection and Prevention Technology Development and System Integration
The goal of this project is to develop a system, based on a number of different anomaly detection techniques, that detects attacks against web servers and web-based applications. We are trying to analyze client queries that reference server-side programs and create models for a wide range of different features of these queries. Examples of such features are access patterns of server-side programs or values of individual parameters in their invocation. Consequently, the use of application-specific characterization of the invocation parameters allows the system to perform focused analysis and produce a reduced number of false positives. In particular, it may be possible to derive relationships between queries and adopt several features to identify a certain type of attack precisely. Based on prior work in iCAST, another goal of this project is to automatically identify what types of novel attack are included in the attacks and recognize the malicious intention of the attackers from the alert correlation results. We aim to enhance the detection ability of novel attacks under IDEAs (Intrusion Detection and Event Analysis system) and LLASA (Library of Learning Algorithm for Security Applications) from both aspects: retrieving knowledge from domain experts and developing advanced analysis techniques from machine learning. Because only a few labeled data are available in network security applications, we will apply the semi-supervised learning paradigm to use massive unlabeled data to help supervised learning. In the aspect of system development, we will seamlessly integrate IDEAs and LLASA for customization under different environments, so that analyzers can dynamically deploy and evaluate the analysis paradigms.
Achievements and Contributions
Member List
| Country | Organization | Full Name | Title |
|---|---|---|---|
| Taiwan | TWISC | Laih, Chi-Sung | PI |
| Taiwan | TWISC | Lee, Hahn-Ming | Co-PI |
| US | CMU | Tsuhan Chen | CPI |
| Taiwan | TWISC | Wang, Sheng-De | Investigator |
| Taiwan | TWISC | Lee, Yuh-Jye | Investigator |
| Taiwan | TWISC | Yang, Ching-Nung | Investigator |
| Taiwan | TWISC | Li, Jung-Shian | Investigator |
| Taiwan | TWISC | Wu, Yi-Leh | Investigator |
| Taiwan | TWISC | Pao, Hsing-Kuo | Investigator |
| Taiwan | TWISC | Lin, Heng-Sheng | Assistant |
| Taiwan | TWISC | Hsieh, Peng-Yueh | Assistant |
| Taiwan | TWISC | Kuo, Chien-Pang | Assistant |
| US | CMU | Christos Faloutsos | CPI |
Project 300 Organization Chart (in Hanzi)
Required Documents (3rd year)
Self-Assessment Presentation File (Internal Review Meeting)
Midterm Report (External Review Meeting)
Final Report (External Review Meeting)