Automatic Detection of Internet-based Cyberattacks
Over the last few years, the Internet has been repeatedly used as a medium to launch attacks against computer and communication subsystems. Such attacks, which are usually called cyber-attacks, may disable a large number of computers, which may in turn paralyze critical infrastructures including telecommunications, provision of electric power, transportation, water supplies, athletic infrastructure, and commerce. Such cyber-attacks propagate rapidly and may have a profound impact.
Our research targets the creation of early warning systems that can detect cyber-attacks quickly and respond to them efficiently. Our recent focus has been on designing, implementing, and deploying early-warning systems that are able to detect computer attacks in their infancy.
- S. Antonatos, K. G. Anagnostakis, E. P. Markatos. Generating Realistic Workloads for Network Intrusion Detection Systems. Proceedings of the Fourth International Workshop on Software and Performance (WOSP 2004), January 2004 (to appear).
- Cassandra is a utility that takes as an input a trace file and reports suspicious packets based on distinct destination counts.
- Packetgrep is a utility that given a trace file, a payload hash, and a payload length, reports all matching packets.
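The two utilities above are described only in one sentence each. The following is an added illustration of the two techniques, not the project's own code: a Cassandra-style check that flags sources contacting many distinct destinations, and a Packetgrep-style search for packets whose payload has a given length and hash. The trace format (a list of source, destination, payload tuples), the SHA-256 choice, the threshold value, and the sample packets are all constructed assumptions for this example.

```python
"""Added example: distinct-destination counting and payload-hash matching
over a small packet trace. Not the project's own Cassandra/Packetgrep code."""
import hashlib
from collections import defaultdict

# Constructed sample trace: (source IP, destination IP, payload bytes).
# 10.0.0.5 contacts several distinct hosts with an identical payload,
# which is the pattern a distinct-destination heuristic is meant to surface.
SAMPLE_TRACE = [
    ("10.0.0.1", "192.0.2.10", b"GET / HTTP/1.0\r\n"),
    ("10.0.0.1", "192.0.2.10", b"GET /index.html HTTP/1.0\r\n"),
    ("10.0.0.5", "192.0.2.11", b"PROBE-01"),
    ("10.0.0.5", "192.0.2.12", b"PROBE-01"),
    ("10.0.0.5", "192.0.2.13", b"PROBE-01"),
    ("10.0.0.5", "192.0.2.14", b"PROBE-01"),
    ("10.0.0.7", "192.0.2.10", b"PROBE-01"),
]


def distinct_destinations(trace):
    """Map each source address to the set of distinct destinations it contacted."""
    dests = defaultdict(set)
    for src, dst, _payload in trace:
        dests[src].add(dst)
    return dests


def cassandra(trace, threshold):
    """Report every packet whose source contacted at least `threshold`
    distinct destinations in the trace. The threshold is an assumed
    tuning parameter; a production tool would also window by time."""
    dests = distinct_destinations(trace)
    suspicious = {src for src, seen in dests.items() if len(seen) >= threshold}
    return [pkt for pkt in trace if pkt[0] in suspicious]


def payload_hash(payload):
    """Hash a payload; SHA-256 is an assumption, any stable digest would do."""
    return hashlib.sha256(payload).hexdigest()


def packetgrep(trace, wanted_hash, length):
    """Return packets whose payload has exactly `length` bytes and whose
    digest equals `wanted_hash`. Checking the length first avoids hashing
    payloads that cannot possibly match."""
    return [
        pkt for pkt in trace
        if len(pkt[2]) == length and payload_hash(pkt[2]) == wanted_hash
    ]


if __name__ == "__main__":
    for src, dst, _ in cassandra(SAMPLE_TRACE, threshold=3):
        print(f"cassandra: suspicious {src} -> {dst}")
    probe = payload_hash(b"PROBE-01")
    for src, dst, _ in packetgrep(SAMPLE_TRACE, probe, length=8):
        print(f"packetgrep: match {src} -> {dst}")
```

Running the module prints the four packets from 10.0.0.5 under the Cassandra check and the five packets carrying the 8-byte probe payload under the Packetgrep search; 10.0.0.7 sends the same payload but to a single destination, so only the hash search reports it.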
- S. Forrest, S. Hofmeyr, and A. Somayaji. Computer Immunology. Communications of the ACM, 40(10), pp. 88-96, 1997.
- Carey Nachenberg. Computer Virus-Antivirus Coevolution. Communications of the ACM, 40(1), pp. 47-51, January 1997.
- C. Estan and G. Varghese. New Directions in Traffic Measurement and Accounting. Proceedings of the ACM SIGCOMM Conference, 2002.
D1.1 - Requirements analysis