Computer Networks Division
Project Overview

An Algebra for Intrusion Correlation (LATTICED)

Principal Investigators: Brian Tung, Ted Faber

Summary:

Intrusion detection (ID) is an imperfect science. With state-of-the-art
techniques, simple attacks with unambiguous signatures can be detected
fairly easily, but trying to diagnose more complex attacks often results
in a flurry of false positives and undetected attacks.

This situation would be improved if ID systems could work together, so
that the weaknesses of one would be covered by the strengths of another. However, most of the recent work in combining ID results has focused on the protocol and architecture of the systems. Even a process as simple as corroboration--attempting to agree on a single attack diagnosis--is not assured with only protocol and architecture. Without an underlying body of theory, efforts to combine the results of multiple ID systems will still fail.

The LATTICE plan is to define a consistent and comprehensive way to
combine the results of multiple ID systems. The research will take a
graph-theoretic approach to representing the conclusions of individual
ID systems. Operators can then be defined to combine the graph
representations of ID diagnoses in rigorous ways that can be understood
and analyzed. The results generated by these methods can be understood as the conclusions of the multiple systems taken as a whole. The outcome of this approach is a rigorous unification of the abilities and strengths of all the involved ID systems.
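The combination step is only sketched above. The following Python is an added illustration, not code from the LATTICE project, and the two operators it defines are an assumption about what "combining graph representations" could mean, not the project's published algebra. Each ID system's diagnosis is modelled as a small directed graph of hypothesised attack steps; corroboration is the graph meet (the steps and orderings both systems claim) and merge is the graph join (everything either system claims), with a sub-diagnosis relation as the partial order. The three sample diagnoses are constructed for the example.

```python
"""Toy lattice of intrusion diagnoses.

Illustrative only: the meet/join operators below are an assumed reading of
"combining graph representations of ID diagnoses", not LATTICE's algebra.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Diagnosis:
    """One ID system's conclusion as a directed graph.

    nodes: hypothesised attack steps (strings)
    edges: (earlier_step, later_step) ordering or causality claims
    """
    nodes: frozenset
    edges: frozenset

    def __post_init__(self):
        # Reject a diagnosis whose edges mention steps it does not claim.
        for a, b in self.edges:
            if a not in self.nodes or b not in self.nodes:
                raise ValueError(f"edge {(a, b)} references an unknown step")

    def __le__(self, other):
        # Partial order: self is a sub-diagnosis of other, i.e. other claims
        # every step and every ordering that self claims.
        return self.nodes <= other.nodes and self.edges <= other.edges


def corroborate(d1, d2):
    """Meet: the diagnosis both systems agree on (shared steps, shared orderings).

    Because each Diagnosis validates its own edges, every shared edge already
    has both endpoints in the shared node set.
    """
    return Diagnosis(d1.nodes & d2.nodes, d1.edges & d2.edges)


def merge(d1, d2):
    """Join: everything either system claims, without resolving disagreement."""
    return Diagnosis(d1.nodes | d2.nodes, d1.edges | d2.edges)


def agreement(d1, d2):
    """Fraction of all claimed elements (steps plus orderings) that both systems make.

    0.0 means the two diagnoses have nothing in common (corroboration failed);
    1.0 means they are identical.
    """
    both, either = corroborate(d1, d2), merge(d1, d2)
    total = len(either.nodes) + len(either.edges)
    if total == 0:
        return 1.0  # two empty diagnoses trivially agree
    return (len(both.nodes) + len(both.edges)) / total


def lattice_laws_hold(d1, d2):
    """Check the algebraic properties an analyst relies on when combining results."""
    m, j = corroborate(d1, d2), merge(d1, d2)
    return (m <= d1 and m <= d2                           # meet is below both inputs
            and d1 <= j and d2 <= j                       # join is above both inputs
            and corroborate(d1, d2) == corroborate(d2, d1)  # commutativity
            and merge(d1, corroborate(d1, d2)) == d1      # absorption
            and corroborate(d1, merge(d1, d2)) == d1)


# Constructed sample diagnoses (hypothetical sensor output, not real data).
NET_IDS = Diagnosis(frozenset({"scan", "web_exploit"}),
                    frozenset({("scan", "web_exploit")}))
HOST_IDS = Diagnosis(frozenset({"web_exploit", "backdoor"}),
                     frozenset({("web_exploit", "backdoor")}))
LOG_IDS = Diagnosis(frozenset({"bruteforce_ssh"}), frozenset())


if __name__ == "__main__":
    print("net ^ host:", corroborate(NET_IDS, HOST_IDS))
    print("net v host:", merge(NET_IDS, HOST_IDS))
    print("agreement net/host:", agreement(NET_IDS, HOST_IDS))
    print("agreement net/log :", agreement(NET_IDS, LOG_IDS))
    print("lattice laws hold:", lattice_laws_hold(NET_IDS, HOST_IDS))
```

The network sensor and the host sensor corroborate only on the shared `web_exploit` step, while their merge yields the full `scan -> web_exploit -> backdoor` chain; the SSH brute-force diagnosis shares nothing with either, so its corroboration is empty and an analyst knows not to treat the two as one incident. The `lattice_laws_hold` check is what makes the combination rigorous in the sense the summary asks for: the operators can be reasoned about algebraically rather than case by case.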

Sponsor: NSF
