
1 National Computational Science University of Illinois at Urbana-Champaign
“Enabling Proactive Prediction, Avoidance, and Diagnosis by Providing Situational Awareness to Human Operators” {a work in progress}
Bill Yurcik
National Center for Supercomputing Applications (NCSA)
University of Illinois at Urbana-Champaign
IBM Academy Conference on Proactive Problem Prediction, Avoidance, and Diagnosis
April 28, 2003

2 The Problem
Current state of networked software systems
– asymmetries of software bugs and security attacks
– metrics show bad -> worse
– increasing complexity of software systems
– expectation of vigilant patching for vulnerabilities
– point-and-click attack software requires little skill
– surveys show insider security attacks greatest threat despite denial
– critical infrastructures all depend on underlying automation
Situational Awareness is Abysmal
– “Is there a problem?” -> “Where is the problem?” -> “What is the problem?”

3 Alternate Solutions
1) Acquiescence (learning to live with it)
2) Prevention (zero defect software engineering)
3) Detection (early and continuous)
4) Survivability (transparent recovery)
   a) human-in-the-loop decision-making for recovery
   b) autonomic computing (no human-in-the-loop)
5) Disaster Recovery and Backup
6) Deterrence (liability, retribution)
…. Prediction? … either The Holy Grail or “Minority Report”

4 Our Solution: SIFT
Motivation: “Know Thy fill in the blank”
SIFT = Security Incident Fusion Tools
NCSA Proposal – Increase Low-Level Situational Awareness to Human Operators (Anti-Autonomic Computing)
– “Is there a problem?” -> “Where is the problem?” -> “What is the problem?”
– leverage human cognitive abilities especially visual processing
– continuous awareness of the security state of an entire network
– Class B address space = 65K machines with 130K+ ports on each machine

5 Prediction / Avoidance / Diagnosis
Examples:
– time-sequence of network-based attacks
– software decay
How?
– Visualization
– Profiling
– Data Mining for Discovery

6 Current Network Monitoring

7 Discovery Across Network Logs

8 Attributes Across Logs

9 The Data Management Problem

10 Four (4) Parallel Data Management Efforts

11 SIFT Preliminary Results

12 SIFT Preliminary Results: Security Monitoring Prototype
[Figure: NVisionIP, with callouts: Legend; Drill-Down Views; Options for 172 Different Views; Magnifier Widget]

13 Prototype Drill-Down Security Views

14 Insights Thus Far …
Humans are good at processing visual patterns (known)
No expert knowledge required!
Abstraction – finding the appropriate level of observation
“What If” Question Bonanza
Visual Debugging (problem-solving)
The Millisecond Fantasy
Holistic Macro/Micro Views vs Divide-and-Conquer
Though we think in pictures, we are no good at describing pictures (save functions)
Capturing the time dimension of high-dimension data via animation is incredibly engaging to humans
Success depends on effective HCI
– Looking at new ways to augment operators in complex environments… (anti-autonomic)

15 Demo – NVisionIP:lite
Cut to Demo and Pray it Works!

