Small-to-medium sized businesses lack resources to deploy and manage high-end advanced solutions to deter sophisticated threats from well-funded adversaries, but evidence shows that these types of businesses are becoming key targets. As malicious code and network attacks become more sophisticated, classic signature-based virus and malware detection methods are less effective. To augment the current malware methods of detection, we developed a proactive approach to detect emerging malware threats using open source tools and intelligence to discover patterns and behaviors of malicious attacks and adversaries. Technical and analytical skills are combined to track adversarial behavior, methods and techniques.
We established a controlled (separated domain) network to identify, monitor, and track malware behavior to increase understanding of the methods and techniques used by cyber adversaries. We created a suite of tools that observe the network and system performance looking for anomalies that may be caused by malware. The toolset collects information from open-source tools and provides meaningful indicators that the system was under or has been attacked. When malware is discovered, we analyzed and reverse engineered it to determine how it could be detected and prevented. Results have shown that with minimum resources, cost effective capabilities can be developed to detect abnormal behavior that may indicate malicious software.
As more enterprises are enticed to move data to a cloud environment to enhance data sharing and reduce
operating costs by exploiting shared resources, concerns have risen over the ability to secure information
within the cloud. This paper examines how a traditional Identity and Access Control (IDAM) architecture can
be adapted to address security concerns of a cloud environment. We propose changing the paradigm of
IDAM form a pure trust model to a risk based model will enable information to be protected securely in a cloud
environment without impacting efficiencies of cloud environments.
A new mathematical model for the prediction of the security figure of merit of an assured
information system is proposed. The security effectiveness figure of merit is defined as a
multi-variate composite function of the strength of security mechanism, usability,
performance, and cost. The problem of determining the optimal set of security controls for a
given system is then formulated as mathematical optimization problem and the potential
methods of approach are addressed. The concept is illustrated with a simple example and the
conclusions bring out the benefits of the model.
An analytical performance model for a generic secure messaging system is formulated as a multi-class
queuing network. The model includes assessment of the impact of security features such as secret key
encryption/ decryption, signature generation/verification, and certificate validation, on overall performance.
Findings of sensitivity analysis with respect to message rate, WAN transmission link, SSL encryption,
message size, and distance between servers is also presented. Finally, the description of how the model can
be adopted for making performance based architectural design options is outlined.
Conference Committee Involvement (2)
Data Mining, Intrusion Detection, Information Security and Assurance, and Data Networks Security 2009
15 April 2009 | Orlando, Florida, United States
Data Mining, Intrusion Detection, Information Assurance, and Data Networks Security 2007