CISE Seminar: October 23, 2020 – Raadhakrishnan Poovendran, University of Washington
Zoom Link: https://bostonu.zoom.us/j/9465617524
Meeting ID: 946 561 7524
3:00pm – 4:30pm
Raadhakrishnan Poovendran
University of Washington
A Game Theoretic Framework for Modeling and Mitigating Advanced Persistent Threats
Advanced Persistent Threats (APTs) are sophisticated attacks mounted by intelligent and resourceful adversaries who gain access to a targeted system and gather critical information over an extended period of time. APTs consist of multiple stages, including initial system compromise, privilege escalation, and data exfiltration, each of which involves strategic interaction between the APT and the targeted system. While this strategic interaction can be viewed as a game, the stealthiness, adaptiveness, and unpredictability of APTs mean that neither the information structure of the game nor the strategies of the APT are readily available. In this talk, we will present a game-theoretic approach to characterizing the trade-off between effectiveness in detecting APTs and resource efficiency. Our approach to modeling APTs is based on the insight that the persistent nature of APTs introduces information flows in the system that can be monitored. One monitoring mechanism is Dynamic Information Flow Tracking (DIFT), which taints and tracks suspicious information flows through a system and performs security analysis on the tainted flows at designated locations. Since performing security analysis on all flows would incur significant memory and performance overhead, efficient defense policies are needed to maximize the probability of detecting the APT while minimizing resource costs. In this work, we develop a multi-stage game framework for modeling the interaction between an APT and a DIFT, as well as for designing an efficient DIFT-based defense. Our model is grounded in APT data gathered using the Refinable Attack Investigation (RAIN) flow-tracking framework. We will present the current state of our formulation, the insights it provides on designing effective defenses against APTs, and directions for future work.
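The detection-versus-resource trade-off sketched in the abstract, reduced to a constructed toy game (added here as an illustration; it is not the speaker's multi-stage framework, and the flow graph, analysis costs and per-node detection probabilities are all hypothetical). The APT picks an entry-to-target path of tainted flow; the defender picks the locations where DIFT runs security analysis within a cost budget; sweeping the budget traces the worst-case detection probability the defender can guarantee.

```python
from itertools import combinations

# Constructed information-flow graph (not from the talk): an edge means a tainted
# flow can propagate between components; the APT enters at browser or mail.
EDGES = {"browser": ["shell", "svc"], "mail": ["shell"], "shell": ["db", "fileshare"],
         "svc": ["db"], "db": ["exfil"], "fileshare": ["exfil"], "exfil": []}
ENTRIES, TARGET = ["browser", "mail"], "exfil"
# Hypothetical cost of running security analysis at a node, and probability it flags a flow.
COST = {"browser": 3, "mail": 2, "shell": 2, "svc": 1, "db": 4, "fileshare": 2, "exfil": 5}
DETECT = {"browser": 0.9, "mail": 0.9, "shell": 0.6, "svc": 0.7, "db": 0.8,
          "fileshare": 0.7, "exfil": 0.95}

def attack_paths(graph, entries, target):
    """Enumerate the simple entry-to-target paths available to the APT."""
    paths, stack = [], [[e] for e in entries]
    while stack:
        path = stack.pop()
        if path[-1] == target:
            paths.append(path)
        else:
            stack.extend(path + [n] for n in graph[path[-1]] if n not in path)
    return paths

def detection_probability(path, analysis_nodes, detect=DETECT):
    """P(detected) = 1 - P(every analysed node on the path misses the flow)."""
    miss = 1.0
    for node in path:
        if node in analysis_nodes:
            miss *= 1.0 - detect[node]
    return 1.0 - miss

def best_defense(budget, graph=EDGES, entries=ENTRIES, target=TARGET, cost=COST):
    """Pure-strategy maximin: analysis locations within budget that maximise detection
    on the path the APT would pick against them. Returns (worst-case P(detect), set)."""
    paths = attack_paths(graph, entries, target)
    best_prob, best_set = 0.0, frozenset()
    for k in range(len(graph) + 1):
        for subset in combinations(graph, k):
            if sum(cost[n] for n in subset) > budget:
                continue
            worst = min(detection_probability(p, subset) for p in paths)
            if worst > best_prob:
                best_prob, best_set = worst, frozenset(subset)
    return best_prob, best_set

if __name__ == "__main__":
    for budget in (0, 2, 3, 5, 8, 12):  # trace the detection / resource trade-off
        prob, where = best_defense(budget)
        print(f"budget {budget:2d}: worst-case detection {prob:.2f} using {sorted(where)}")
```

Below a certain budget no placement covers every path and the guaranteed detection is zero; above it the curve climbs in steps as cheaper upstream nodes and the expensive sink are combined, which is the shape of trade-off the abstract describes.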
Radha Poovendran is a Professor in the Electrical and Computer Engineering Department at the University of Washington (UW). He founded the Network Security Lab (NSL@UW) at the University of Washington in 2001. He holds a B.Tech. in EE from IIT Bombay (1988), an M.S. in EE from the University of Michigan (1992), and a Ph.D. in ECE from the University of Maryland, College Park (1999). His research interests are in the areas of network system security, security of cyber-physical systems, adversarial modeling, and game and control theory in the context of security. He is a Fellow of the IEEE for his contributions to security in cyber-physical systems. He is a recipient of the NSA LUCITE Rising Star Award (1999), NSF CAREER (2001), ARO YIP (2002), ONR YIP (2004), and PECASE (2005) for his research contributions to security. He is a recipient of an Outstanding Teaching Award and an Outstanding Research Advisor Award from UW EE (2002), a Graduate Mentor Award from the Office of the Chancellor at UCSD (2006), and the University of Maryland ECE Distinguished Alumni Award (2016). He is a co-author of the 2010 IEEE/IFIP William C. Carter Award paper. He holds eight patents in security.
Faculty Host: Ioannis Paschalidis
Student Host: Saeed Mohammadzadeh