Privacy Enhanced Coordinated Enterprise Defense via Temporal and Topological Representation Learning
The objective of this project is to develop distributed algorithms to detect live zero-day attacks, as early as possible, through global analysis that leverages the power of big data, collected at multiple organizations. Our hypothesis is that such an inter-organizational globally coordinated effort will expose attacks within a short time frame when the attacks are still largely invisible to any single organization.
The fundamental research problem lies in detecting zero-day cyber attacks from anomalies in network traffic data and host logs, collected by multiple enterprises, in the face of two constraints: (i) privacy considerations that prevent a complete sharing of enterprise data with the global-analysis provider, and (ii) challenges in handling the large volume of data collected by multiple enterprises.
The impact of our work will be two-fold: First, it will lead to a significant reduction in the costs of large-scale cyberattacks through early detection. For example, if a Distributed Denial-of-Service (DDoS) attack is detected early at distributed sources through global coordination, the attack packets can be dropped before reaching the intended victim at some distant enterprise. Second, we project a significant reduction in the enterprise cost of security services through a reduction in the rate of false positives. Each false positive identified by a tool needs manual processing by a security analyst, which adds to costs.
Funders and Sponsors: