![[ College of Engineering ]](../media/graphics/coelogo.gif){kind=small}
![[ News and Information ]](../media/graphics/newsinfologo.gif){kind=small}
Security has become a major issue in the United States. Keeping our citizens, buildings and infrastructure safe is one concern; keeping computer networks safe from hackers is another.
According to Dr. Peng Ning, assistant professor of computer science at NC State, computer administrators are currently somewhat overwhelmed with security concerns. Trying to keep computer networks secure raises a paradox, however, that complicates the issue. If you make a computer system too secure, it becomes difficult for users to access. If you make it easy to use, the system will be exposed to attack and disruption.
Ning and Dr. Douglas S. Reeves, professor of computer science at NC State University, are working on a series of projects that they hope will improve intrusion detection systems for computer networks. Three grants — two from the National Science Foundation (NSF) and one from the Army Research Office (ARO) — help them with the work. The most recent NSF grant is for $415,099 and runs from September 15, 2002, through July 31, 2005; collaborators on this grant are Dr. Robert St. Amant, associate professor of computer science, and Dr. Christopher G. Healey, assistant professor of computer science.
Current technologies for intrusion detection are problematic because they focus on low-level attacks and tend to give many false alerts. As with the fable about the boy who cried wolf, operators tend to ignore such alerts. Therefore the focus of Ning and Reeves’ research is to find a way to decrease the number of false alerts but keep the security level of the system high.
Traditional alert systems typically depend on either anomaly detection or misuse detection. Anomaly detection flags any computer behavior that deviates from an established norm, and misuse detection is based on characteristics of past attacks, issuing an alert for any event that seems similar to prior attack events. “These techniques for intrusion detection have some known shortcomings,” said Reeves. “In our research we are trying to address some of these problems so detection techniques can be more effective.”
“We look for relationships among alerts,” explained Ning. “In a series of attacks, component attacks are usually not isolated, but related as different stages, with the earlier stages preparing for the later ones.” In other words, clusters of attack events are indicative of a true attack. Looking for patterns before declaring an alert is one way to reduce the number of false alerts.
Pattern recognition on this level currently requires human interpretation. For this reason, Ning and Reeves have included NC State colleagues St. Amant and Healey in a joint research effort for one NSF grant. St. Amant is an expert in human–computer interactions, and Healey’s area of specialization is visualization. “We are trying to integrate intrusion detection with human intelligence to improve performance of the detection system,” said Ning.
In another aspect of the research, funded by the ARO, Ning and Reeves and their research team are examining use of wireless networks in dynamic environments. Wireless ad-hoc networks are different from traditional wired networks in that the computing environment is fluid. This fluidity is an advantage in a physical environment that is constantly changing, such as a battlefield, but the system could be more vulnerable to disruption. Ning and Reeves are looking for the vulnerable points by examining relationships and applying their research techniques to this new situation.
Given their goal of making complex computer systems secure yet user-friendly, Ning and Reeves have a lot of work ahead. But the new methodology they’ve developed to examine attack patterns has the potential for widespread application to different kinds of systems, resulting in improved intrusion detection for all computer networks.
— rudd —
Media Contacts:
Dr. Peng Ning, 919/513-4457, ning@csc.ncsu.edu
Dr. Douglas S. Reeves, 919/515-2044, reeves@csc.ncsu.edu
Linda E. Rudd, 919/515-3848, linda_rudd@ncsu.edu
/ News Index / News Archives Index /