Presentation is loading. Please wait.

Presentation is loading. Please wait.

Attack Graphs for Proactive Digital Forensics Tara L. McQueen Delaware State University Louis P. Wilder Computational Sciences and Engineering Division.

Published byGlen Checkley Modified over 9 years ago

Similar presentations

Presentation on theme: "Attack Graphs for Proactive Digital Forensics Tara L. McQueen Delaware State University Louis P. Wilder Computational Sciences and Engineering Division."— Presentation transcript:

1 Attack Graphs for Proactive Digital Forensics Tara L. McQueen Delaware State University Louis P. Wilder Computational Sciences and Engineering Division August 2009

2 2Managed by UT-Battelle for the U.S. Department of Energy Overview Purpose Cyber Security Hacking Proactive digital forensics Attack graphs Universal Serial Bus (USB) exploits Registry and event logs Future work

3 3Managed by UT-Battelle for the U.S. Department of Energy Purpose Increase cyber security Identify possible cyber attacks as they occur Create attack graph of USB exploit Link event logs and registry data to attack graph Investigate theoretical proactive design

4 4Managed by UT-Battelle for the U.S. Department of Energy Cyber security Maintaining confidentiality, availability and access of information Identifying legitimate –Users –Requests –Tasks Preserving information integrity Mending network vulnerabilities Hacking prevention/detection

5 5Managed by UT-Battelle for the U.S. Department of Energy Cyber protection Growing need as fraudulent activity and electronic commerce increases Affecting industries dependent on –Networks –Computer Systems –Internet

6 6Managed by UT-Battelle for the U.S. Department of Energy Hacking Gaining unauthorized –Access –Control –Data Using technical knowledge and exposed information Cleaning tracks Preventing is difficult and expensive

7 7Managed by UT-Battelle for the U.S. Department of Energy Proactive digital forensics Anticipating hacker/exploit path Detecting hacker/exploit in process Collecting proper data immediately for judicial efforts Enhancing security

8 8Managed by UT-Battelle for the U.S. Department of Energy Attack graphs Communicate information about threats Display combinations of vulnerabilities Shows –Vulnerabilities as vertices –Hierarchical constraints as edges

9 9Managed by UT-Battelle for the U.S. Department of Energy USB attack Take milliseconds to initiate (drive by) Collect confidential documents Send worm through network Execute applications automatically Easy to develop, retrieve and unleash Occur unknowingly

10 10Managed by UT-Battelle for the U.S. Department of Energy Registry and event logs Standard on Windows Monitors events –Application –Security –System Identifies operations and information Essential for attack graph

11 11Managed by UT-Battelle for the U.S. Department of Energy Windows XP registry

12 12Managed by UT-Battelle for the U.S. Department of Energy Windows XP event logs

13 13Managed by UT-Battelle for the U.S. Department of Energy USB exploit attack graph

14 14Managed by UT-Battelle for the U.S. Department of Energy Theoretical proactive design

15 15Managed by UT-Battelle for the U.S. Department of Energy Conclusion Numerous of attack paths can be targeted Systematic and proactive approach can be reached Real-time detection and alerts Detailed recordings can be triggered for judicial efforts

16 16Managed by UT-Battelle for the U.S. Department of Energy Future work Create plug-in Implement design on test network Run trial exploit Research and prepare other exploits/attacks

17 17Managed by UT-Battelle for the U.S. Department of Energy Acknowlegments Louis P. Wilder, Christopher Lanclos, Sharon Hastings, Joe Trien George Seweryniak, Debbie McCoy, Rashida Askia and Cindy Latham The Research Alliance in Math and Science program is sponsored by the Office of Advanced Scientific Computing Research, U.S. Department of Energy. The work was performed at the Oak Ridge National Laboratory, which is managed by UT-Battelle, LLC under Contract No. De- AC05-00OR22725. This work has been authored by a contractor of the U.S. Government, accordingly, the U.S. Government retains a non-exclusive, royalty-free license to publish or reproduce the published form of this contribution, or allow others to do so, for U.S. Government purposes.

Download ppt "Attack Graphs for Proactive Digital Forensics Tara L. McQueen Delaware State University Louis P. Wilder Computational Sciences and Engineering Division."

Similar presentations

Accel Computerized Maintenance Management System.

Accel Computerized Maintenance Management System.
I would like to thank Louis P. Wilder and Dr. Joseph Trien for the opportunity to work on this project and for their continued support. The Research Alliance.

I would like to thank Louis P. Wilder and Dr. Joseph Trien for the opportunity to work on this project and for their continued support. The Research Alliance.
First Lego League of Tennessee Quentoria Leeks Fisk University Research Alliance in Math and Science Computer Applications and Web Technologies Networking.

First Lego League of Tennessee Quentoria Leeks Fisk University Research Alliance in Math and Science Computer Applications and Web Technologies Networking.
EDiscovery and Records Management. Records Management- Historical Perspective- Paper Historically- Paper was the “Corporate Memory” – a physical entity.

EDiscovery and Records Management. Records Management- Historical Perspective- Paper Historically- Paper was the “Corporate Memory” – a physical entity.
Managed by UT-Battelle for the Department of Energy 1 Mathematical Modeling of Fatty Acid Oxidation in Skeletal Muscle Cells Sheds New Light on Obesity.

Managed by UT-Battelle for the Department of Energy 1 Mathematical Modeling of Fatty Acid Oxidation in Skeletal Muscle Cells Sheds New Light on Obesity.
Lesson 13-Intrusion Detection. Overview Define the types of Intrusion Detection Systems (IDS). Set up an IDS. Manage an IDS. Understand intrusion prevention.

Lesson 13-Intrusion Detection. Overview Define the types of Intrusion Detection Systems (IDS). Set up an IDS. Manage an IDS. Understand intrusion prevention.
Cluster Computing Applications Project: Parallelizing BLAST The field of Bioinformatics needs faster string matching algorithms. What Exactly is BLAST?

Cluster Computing Applications Project: Parallelizing BLAST The field of Bioinformatics needs faster string matching algorithms. What Exactly is BLAST?
Lecture 11 Reliability and Security in IT infrastructure.

Lecture 11 Reliability and Security in IT infrastructure.
Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.

Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.
Computer Security: Principles and Practice

Computer Security: Principles and Practice
A Virtual Environment for Investigating Counter Measures for MITM Attacks on Home Area Networks Lionel Morgan 1, Sindhuri Juturu 2, Justin Talavera 3,

A Virtual Environment for Investigating Counter Measures for MITM Attacks on Home Area Networks Lionel Morgan 1, Sindhuri Juturu 2, Justin Talavera 3,
O AK R IDGE N ATIONAL L ABORATORY U.S. D EPARTMENT OF E NERGY Cluster Computing Applications Project Parallelizing BLAST Research Alliance of Minorities.

O AK R IDGE N ATIONAL L ABORATORY U.S. D EPARTMENT OF E NERGY Cluster Computing Applications Project Parallelizing BLAST Research Alliance of Minorities.
70-291: MCSE Guide to Managing a Microsoft Windows Server 2003 Network Chapter 14: Troubleshooting Windows Server 2003 Networks.

70-291: MCSE Guide to Managing a Microsoft Windows Server 2003 Network Chapter 14: Troubleshooting Windows Server 2003 Networks.
Computer Software.

Computer Software.
Chapter 7 Database Auditing Models

Chapter 7 Database Auditing Models
Module 8: Implementing Administrative Templates and Audit Policy.

Module 8: Implementing Administrative Templates and Audit Policy.
The Evaluation of an Embedded System for First Responders Nicholas Brabson The University of Tennessee David Hill Computational Sciences and Engineering.

The Evaluation of an Embedded System for First Responders Nicholas Brabson The University of Tennessee David Hill Computational Sciences and Engineering.
Department of Mathematics Computer and Information Science1 Basics of Cyber Security and Computer Forensics Christopher I. G. Lanclos.

Department of Mathematics Computer and Information Science1 Basics of Cyber Security and Computer Forensics Christopher I. G. Lanclos.
Weigh-in-Motion User Manual For WIM Integrated System Cindy Lopez City University of New York – York College Research Alliance in Math and Science Computational.

Weigh-in-Motion User Manual For WIM Integrated System Cindy Lopez City University of New York – York College Research Alliance in Math and Science Computational.
1 Group-IB: Digital investigations and forensic Ilya Sachkov Group-IB

1 Group-IB: Digital investigations and forensic Ilya Sachkov Group-IB

Similar presentations

Ads by Google