Title: S-MAIDS: A Semantic Model of Automated Intrusion Detection Systems
Speaker: Johnny Wong, Professor and Interim Chair, Iowa State University Computer Science
Abstract: As cyber threats increasingly utilize automated and adaptive attacks to bypass or overwhelm static defenses, the role of intrusion detection and response systems (IDRS) as an active defense layer is becoming more critical. To remain effective against current attacks IDRS must be capable of automating detection of, and response to, threats in their specific environment. Different operating characteristics, detection capabilities, and response actions all contribute to make each environment unique, complicating this automation.
In this work we consider IDRS automation in three areas: detector tuning, detector correlation, and response selection. We motivate and present a novel model of threats, detectors, and responses. Based on the concept of a “signal” (an observable indicator of an attack), we show the utility of combining such a model with an existing measure of IDRS performance to facilitate automated tuning, cross-system correlation, and response selection. We support our claims through several case-studies demonstrating the application of this model.
Speaker Bio: Johnny Wong is Professor & Interim Chair of the Computer Science Department at Iowa State University (ISU). His research interests include Software Systems & Networking, Security & Privacy, and Medical Informatics.
Most of his research projects are funded by government agencies and industries, including NSF, DoD, HHS, NIH, Mayo, etc. He is the President/CEO of a startup company EndoMetric Corporation, with software products for Medical Informatics. He is a co-director of the Smart Home Lab in the Department of Computer Science at ISU. He has served as a member of program committee of various international conferences on intelligent & software systems and networking. He was the Program co-Chair of the COMPSAC 2006 and General co-Chair of the COMPSAC 2008 conference, the IEEE Signature Conference on Computers, Software, and Applications. He is a member of the ACM and IEEE Computer Society. He has published over 150 papers in peer reviewed journals and conferences.