FY2010 - Oak Ridge National Laboratory

More documents

Recommendations

Info

Director’s R&D Fund— <strong>National</strong> Security Science and Technology 05281 Distributed Computational Intelligence for Active Response to Cyber-Threat Louis Wilder, Erik Ferragut, Craig A. Shue, Brent Lagesse, and Chris Rathgeb Project Description Computer and network attacks continue to grow exponentially, and the insider threat has become widespread. Currently, the intrusion detection system is the mitigation technique used to thwart these attacks. Misuse detection is the most common type of method used by the system. Yet, these systems are limited in their ability to detect zero-day attacks and suffer from high false positives. Additionally, they have poor scalability and have little or no situational awareness. Our project goal is to develop a unique capability in anomaly detection and active response to intrusions in Internet Protocol networks using both statistical host-level learning of normal user behavior and distributed computational intelligence for near-real-time reaction. This extends traditional intrusion detection tools by employing advanced probabilistic modeling to advance the statistical analyses. Quantified normal behaviors are shared ontologically within a hierarchical learning framework that will allow distributed monitoring, comparison, and storage of normal usage profiles. The framework also reacts to perceived threats (e.g., isolating network elements, or actively reconfiguring system components to prevent intrusion spread). This kind of analysis and defense capability is an indispensable aid for system administrators. It also provides users the ability to monitor system behaviors with previously unavailable detail. Mission Relevance DOE is responsible for the integrity and protection of the nation’s energy delivery systems, where cyber attacks may cause extreme consequences to public health and safety and the nation’s economy. DOE’s substantial cyber assets, its international visibility, its mission, and its open research make it a target for cyber attacks. This research aligns directly with the missions of DOE, the Intelligence Advanced Research Projects Activity, the Intelligence Community, and the Department of Homeland Security (DHS). These agencies are eager for tools to help analyze and detect suspicious anomalous activities. The research will help establish a capability that is essential for long-term cyber-space security and will establish ORNL as a leader in an area of cyberspace security traditionally deemed too difficult to solve. Additionally, the capability provides a novel application of sensor fusion that does not currently exist at any of the laboratories. Results and Accomplishments The resulting research has produced a prototype software framework that employs temporal ontologically based information in our anomaly detector for distributed intrusion detection with an active response. The framework provides algorithms that combine elements of learning, adaptation, and evolution to address the analysis and correlation of intrusion data. While researching the ontology-based approach, we discovered that using Latent Dirichlet Allocation as a method for classifying anomalous behavior over port events was viable for network monitoring. In addition, distinguishing whether anomalous behavior is malicious or benign has been a grand challenge; we have initiated an investigation of using Petri Nets to model this behavior and to provide a solution. 144
Director’s R&D Fund— <strong>National</strong> Security Science and Technology Looking forward, we have extended Petri nets to account for multiplayer control, utility functions, and concurrent behavior in preparation for active response. This research will benefit the Space and Missile Defense cyber operations center in Huntsville, Alabama, and will also provide a cyber defensive solution to the Automated Metering Infrastructure for Smart Grid applications programs at DHS and DOE. This year the tasking was focused considerably on the development of probabilistic algorithms for the hierarchical framework, especially in file integrity data and network traffic packet header captures across the ORNL perimeter, as well as system log data on user hosts. Bayesian Statistical Learning. We developed an advanced probability model using Bayesian online learning to determine parameters of a semi-Markov model of inter-arrival times. Although semi-Markov models are generally difficult to train, we took advantage of the highly stereotypical nature of computergenerated log events to extract dominant patterns using a lightweight, real-time algorithm. Furthermore, as the model is probabilistic, it can be used to automatically generate thresholds having a preselected false positive rate. Obtaining System Data for Ontology Development. We created sensors that capture live data for profiling where situational awareness, anomaly detection, and automated response are all based on profiling. These sensors capture events from system logs on Microsoft Windows, Linux, and the Macintosh operating systems, network-packet header data, and file modification events from our file integrity checkers. We have created automated data reduction algorithms for the log data. We have aligned the sensor output with domain-relevant ontologies, and further refinements are ongoing. Information Shared Ferragut, E., C. Shue, and B. Lagesse. 2010. “Intelligent Summarization of File Integrity Reports.” The International Symposium on Recent Advances in Intrusion Detection (RAID). Ferragut, E. 2010. “Distributed Computational Intelligence for Active Response to Cyber-Threat.” UT-Battelle Invention Disclosure 200902353, DOE S-115,393. Patent application in preparation. 05437 Standoff Detection and Imaging of Chemicals Ali Passian, Arpad Vass, Larry Senesac, and Thomas Thundat Project Description Development of novel standoff detection and imaging methods that can overcome the drawbacks of present techniques is essential in defeating the terrorist threat posed by the use of explosives and chemical and biological (CB) agents. Standoff detection of chemicals agents using techniques such as Raman and laser-induced breakdown spectroscopy use complex, bulky, and expensive equipment. Here we propose to develop a novel standoff detection and imaging technique based on reverse photoacoustic spectroscopy (RePAS) that can provide molecular signatures of chemicals with high specificity and sensitivity. The RePAS technique is based on the collection of scattered mid infrared light from suspected objects illuminated with tunable quantum cascade lasers (QCL). The captured light is used for exciting photoacoustic (PAS) signals on a quartz oscillator. The proposed approach leads to the development of portable devices with high sensitivity and selectivity. This sensor paradigm allows standoff detection 145
Page 1 and 2:
ORNL/PPA-2011/1 Laboratory Directed
Page 3:
ORNL/PPA-2011/1 Oak Ridge National
Page 6 and 7:
NEUTRON SCIENCES ..................
Page 8 and 9:
NATIONAL SECURITY SCIENCE AND TECHN
Page 10 and 11:
05887 Controlling the Catalytic Pro
Page 13 and 14:
Introduction INTRODUCTION The Labor
Page 15 and 16:
Introduction projects for next-gene
Page 17 and 18:
Introduction ― Develop new mode
Page 19 and 20:
Introduction To select the best and
Page 21 and 22:
Introduction Fig. 2. Distribution o
Page 23:
SUMMARIES OF PROJECTS SUPPORTED THR
Page 26 and 27:
Director’s R&D Fund— Science fo
Page 28 and 29:
Page 30 and 31:
Page 32 and 33:
Page 34 and 35:
Page 36 and 37:
Page 38 and 39:
Page 40 and 41:
Page 42 and 43:
Page 44 and 45:
Page 46 and 47:
Page 48 and 49:
Page 50 and 51:
Page 53 and 54:
Director’s R&D Fund— Neutron Sc
Page 55 and 56:
Page 57 and 58:
Page 59 and 60:
Page 61 and 62:
Page 63 and 64:
Page 65 and 66:
05306 Structure and Structure Evolu
Page 67 and 68:
05404 Asynchronous In Situ Neutron
Page 69 and 70:
Page 71 and 72:
Page 73 and 74:
Page 75 and 76:
Page 77 and 78:
Director’s R&D Fund— Ultrascale
Page 79 and 80:
Page 81 and 82:
Page 83 and 84:
Page 85 and 86:
Page 87 and 88:
Page 89 and 90:
Page 91 and 92:
Page 93 and 94:
Page 95 and 96:
Page 97 and 98:
Page 99 and 100:
Page 101 and 102:
Page 103 and 104:
Page 105 and 106: Director’s R&D Fund— Systems Bi
Page 117: Director’s R&D Fund— Systems Bi
Page 120 and 121: Director’s R&D Fund— Advanced E
Page 135 and 136: Director’s R&D Fund— Emerging S
Page 137 and 138: Director’s R&D Fund— Emerging S
Page 139: Director’s R&D Fund— Emerging S
Page 142 and 143: Director’s R&D Fund— Understand
Page 153 and 154: Director’s R&D Fund— National S
Page 155: Director’s R&D Fund— National S
Page 163: 05573 Rapid Radiochemistry Applicat
Page 166 and 167: Director’s R&D Fund— Energy Sto
Page 176 and 177: Director’s R&D Fund— General Re
Page 178 and 179: Director’s R&D Fund— General de
Page 180 and 181: Director’s R&D Fund— General su
Page 182 and 183: Director’s R&D Fund— General 05
Page 184 and 185: Director’s R&D Fund— General 20
Page 187 and 188: Seed Money Fund— Biosciences Divi
Page 193: Seed Money Fund— Biosciences Divi
Page 196 and 197: Seed Money Fund— Center for Nanop
Page 199 and 200: Seed Money Fund— Chemical Science
Page 205: Seed Money Fund— Chemical Science
Page 208 and 209:
Seed Money Fund— Computational Sc
Page 210 and 211:
Seed Money Fund— Computational Sc
Page 213 and 214:
Seed Money Fund— Computer Science
Page 215 and 216:
Seed Money Fund— Energy and Trans
Page 217 and 218:
Page 219:
Page 222 and 223:
Seed Money Fund— Environmental Sc
Page 224 and 225:
Seed Money Fund— Environmental Sc
Page 227 and 228:
Seed Money Fund— Fusion Energy Di
Page 229 and 230:
Seed Money Fund— Materials Scienc
Page 231 and 232:
Page 233 and 234:
Page 235 and 236:
Page 237 and 238:
Page 239 and 240:
Page 241 and 242:
Seed Money Fund— Measurement Scie
Page 243 and 244:
Page 245 and 246:
Page 247 and 248:
05858 Fabrication of Ultrathin Grap
Page 249 and 250:
Page 251:
Page 254 and 255:
Seed Money Fund— Global Nuclear S
Page 256 and 257:
Seed Money Fund— Neutron Scatteri
Page 259 and 260:
Seed Money Fund— Reactor and Nucl
Page 261 and 262:
Page 263 and 264:
Page 265:
Page 268 and 269:
Seed Money Fund— Physics Division
Page 270 and 271:
Seed Money Fund— Physics Division
Page 272 and 273:
Seed Money Fund— Research Acceler
Page 275 and 276:
Laboratory-Wide Fellowships— Wein
Page 277 and 278:
Page 279 and 280:
Page 281:
Page 284 and 285:
Laboratory-Wide Fellowships— Wign
Page 286 and 287:
Laboratory-Wide Fellowships— Wign
Page 288 and 289:
Index of Project Contributors Coope
Page 290 and 291:
Index of Project Contributors Mille
Page 292 and 293:
Index of Project Contributors Yang,
Page 294:
Index of Project Numbers 05501 ....
show all

FY2010 - Oak Ridge National Laboratory

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?