CS@Mines Seminar: Thursday, March 16, 2017 at 4pm - Brown Hall, Room 269
Department / Organization: Computer Science
"Building a Next Generation Enterprise Security Platform: High Fidelity Data Reduction for Big Data Dependency Analyses" Presented by Dr. Zhenyu Wu, NEC Laboratories America Inc., Princeton, NJ
Intrusive multi-step attacks, such as Advanced Persistent Threat (APT) attacks, have plagued enterprises with significant financial losses and are the top reason for enterprises to increase their security budgets. Since these attacks are sophisticated and stealthy, they can remain undetected for years if individual steps are buried in background "noise." Thus, enterprises are seeking solutions to connect the suspicious "dots" across multiple activities. This requires ubiquitous system auditing over long periods of time, which in turn produces an overwhelmingly large amount of system audit events. Given a limited system budget, efficiently handling ever-increasing system audit logs is a great challenge. This paper proposes a new approach that exploits the dependency among system events to reduce the number of log entries while still supporting high-quality forensic analysis. In particular, we first propose an aggregation algorithm that preserves the dependency of events during data reduction to ensure the high quality of forensic analysis. Then we propose an aggressive reduction algorithm and exploit domain knowledge for further data reduction. To validate the efficacy of our proposed approach, we conduct a comprehensive evaluation on real-world auditing systems using log traces of more than one month. Our evaluation results demonstrate that our approach can significantly reduce the size of system logs and improve the efficiency of forensic analysis without losing accuracy.
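As an added illustration of what "preserving the dependency of events during data reduction" means (example code written for this page, not the speaker's or the paper's implementation): repeated audit edges between the same two objects are merged into one time-windowed edge only while no interleaved event has touched either endpoint, and a forward-tracking query is run over both logs to confirm the reduced log answers identically. The object names, operations and timestamps in `RAW_LOG` are constructed.

```python
"""Dependency-preserving reduction of repeated audit events (illustrative, not the
paper's algorithm).  A log is a list of provenance edges (start, end, src, dst, op)."""
from collections import namedtuple

Event = namedtuple("Event", "start end src dst op")

def reduce_log(events):
    """Collapse runs of identical src->dst edges into one windowed edge, conservatively."""
    pending, last_touch, out = {}, {}, []   # open runs, last run per object, result
    for e in sorted(events, key=lambda e: e.start):
        key = (e.src, e.dst, e.op)
        run = pending.get(key)
        # Extend the run only if it was the most recent activity on BOTH endpoints;
        # an interleaved event on either side could otherwise gain or lose a dependency.
        if run and last_touch.get(e.src) == key and last_touch.get(e.dst) == key:
            pending[key] = run._replace(end=e.end)
        else:
            if run:
                out.append(run)
            pending[key] = e
        last_touch[e.src] = last_touch[e.dst] = key
    out.extend(pending.values())
    return sorted(out, key=lambda e: e.start)

def forward_track(events, seed, t0):
    """Objects reachable from `seed` via edges whose window ends no earlier than the taint's arrival at src."""
    arrival, changed = {seed: t0}, True
    while changed:  # iterate to a fixed point: windowed edges may precede their enabler in list order
        changed = False
        for e in events:
            if e.src in arrival and e.end >= arrival[e.src]:
                t = max(e.start, arrival[e.src])
                if t < arrival.get(e.dst, float("inf")):
                    arrival[e.dst], changed = t, True
    return set(arrival)

# Constructed trace: process P polls file F (noise), Q writes F once in between, then P
# sends on socket S.  X->Y is unrelated activity interleaved with the polling.
RAW_LOG = [Event(t, t, *edge) for t, edge in enumerate([
    ("F", "P", "read"), ("F", "P", "read"), ("X", "Y", "read"), ("F", "P", "read"),
    ("Q", "F", "write"), ("F", "P", "read"), ("F", "P", "read"),
    ("P", "S", "send"), ("P", "S", "send"), ("P", "S", "send")], start=1)]

def tracking_preserved(raw, reduced):
    """True if every (object, time) seed yields identical forward-tracking results."""
    objs = {o for e in raw for o in (e.src, e.dst)}
    times = {e.start for e in raw} | {0}
    return all(forward_track(raw, o, t) == forward_track(reduced, o, t)
               for o in objs for t in times)
```

On this trace the ten raw events reduce to five, and the F->P run is split at Q's write so that tracking from Q still reaches P and S exactly as in the raw log.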