Project 306-CMU (1st year)
Network Security and Forensics - CMU
In this project, we are working on three topics: coordinated anomaly early detection and forensics, fast polymorphic worm detection/traceback, and FSM (finite state machine) based packet content inspection. We are designing an automated collaborative security architecture and protocols to protect a domain network from malicious polymorphic worm attacks. We propose a collaborative SecMon (Security Monitor) security model in which a number of SecMons are deployed at different segments of a domain network to jointly provide a network anomaly detection and attack protection service. We are surveying polymorphic worm types and characterizing their behaviors, activities and transformation methods to gain a thorough understanding of these types of worms. We will then focus on polymorphic worm signature generation techniques and collaborative protocols for polymorphic worm detection.
In the International Collaboration, we have transferred the "Moonwalk" worm attack analysis tool prototypes (source code and documents) from Professor Hui Zhang to our local environment. We have set up a domestic traffic trace data repository. It currently stores NTU campus traffic traces, and we are negotiating with domestic ISPs to collect more traffic traces. A web site and an FTP site have also been set up for this project to share literature and experiment data with CMU.
In the future, we will continue to work on collaborative or federated forensic investigation on the Internet. The issues of interest related to Internet cross-domain security management include effective schemes for coordinated high-speed network traffic recording and tracing; advanced theory and implementation techniques for forensic analysis; advanced techniques for proactive network security in forensic investigation; realization of a high-speed IDS expert system; and building a prototype Internet attack trace repository system.
Member List
| Country | Organization | Full Name | Title |
|---|---|---|---|
| Taiwan | TWISC | Sun, Yeali S. | PI |
| Taiwan | TWISC | Chen, Meng-Chang | Co-PI |
| Taiwan | TWISC | Hsiao, Hsun-wen | Student |
| US | CMU | Hui Zhang | Professor |
| US | CMU | Michael Reiter | Professor |

Required Documents (1st year)
Self-Assessment Presentation File (Internal Review Meeting)
Midterm Report (External Review Meeting)
Final Report (External Review Meeting)