Cybersecurity Collaboratory

2013-2018

Cyberspace Threat Identification, Analysis and Proactive Response


This project is supported by Thomson Reuters in the framework of the Partner University Fund project "Cybersecurity Collaboratory: Cyberspace Threat Identification, Analysis and Proactive Response". The Partner University Fund is a program of the French Embassy in the United States and the FACE Foundation and is supported by American donors and the French government.

Project summary

Current advances in computing, networking, software and services are leading to a future of ubiquitous cyberspace services (e.g., cloud services), which will touch all aspects of our lives. These pervasive services will revolutionize the way we do business, maintain our health and conduct education. In this environment, cybersecurity represents a daunting challenge. Corporations, agencies, national infrastructures, and individuals have been victims of cyber-attacks. It has been estimated that Internet "malware" (worms, spyware, and the like) cost businesses over a hundred billion dollars, despite the rollout of significant Internet security software. Clearly, current techniques for identifying and containing (network) attacks have significant limitations. They are not sufficiently flexible to handle the complexity, the dynamic nature and the epidemic behavior of cyber-attacks. The goal of this project is to investigate innovative research techniques to achieve resilient cybersecurity. Our approach relies on the following observations:
  1. reliable checking of malicious traffic can only occur at the many final destinations of traffic;
  2. threat identification requires automated information sharing and cooperative risk analysis across all machines in a network, akin to techniques used in disease control;
  3. rapid, autonomic preventive and reactive response mechanisms to identified threats, which continuously increase the burden on potential attackers by relying on the principle that "the best defense is offense"; and
  4. efficient self-management of the large volumes of automatically generated information shared between sites.