New Research Method Identifies Stealth Attacks on Complicated Computer Systems

October 15, 2015

BLACKSBURG, Va., Oct. 15 – Imagine millions of lines of instructions. Then try and picture how one extremely tiny anomaly could be found in almost real-time and prevent a cyber security attack.

A trio of Virginia Tech computer scientists has tested their innovation, called a “program anomaly detection approach,” against many real-world attacks.

One type of attack is when an adversary is able to remotely access a computer, bypassing authentication such as a login screen. A second example of attack is called heap feng shui where attackers hijack the control of a browser by manipulating its memory layout. Another example of attack is called directory harvesting where spammers interact with vulnerable mail servers to steal valid email addresses.

The prototype developed by the Virginia Tech scientists proved to be effective and reliable at these types of attacks with a false positive rate as low as 0.01 percent.

Their findings were reported this week in a presentation at the 22nd Association of Computing Machinery (ACM) Conference (http://www.sigsac.org/ccs/CCS2015/) on Computer and Communications Security, in Denver, Colorado.

“Our work, in collaboration with Naren Ramakrishnan (http://www.cs.vt.edu/user/ramakrishnan), is titled, “Unearthing Stealthy Program Attacks Buried in Extremely Long Execution Paths,” said Danfeng (Daphne) Yao(http://www.cs.vt.edu/user/yao), associate professor of computer science at Virginia Tech. Xiaokui Shu a computer science doctoral student of Anqing, China, advised by Yao, was the first author.

“Stealthy attacks buried in long execution paths of a software program cannot be revealed by examining fragments of the path,” said Yao, who holds the title of the L-3 Communications Cyber Faculty Fellow of Computer Science.

“Modern exploits have manipulation tactics that hide them from existing detection tools. An example is an attacker who overwrites one of the variables before the actual authentication procedure,” Yao explained, “As a result, the attacker bypasses critical security control and logs in without authentication.”

Over time, these stealthy attacks on computer systems have just become more sophisticated.

The Virginia Tech computer scientists’ secret formula in finding a stealth attack is in their algorithms. With specific matrix-based pattern recognition, the three were able to analyze the execution path of a software program and discover correlations among events. “The idea is to profile the program’s behavior, determine how often some events are supposed to occur, and with which other events, and use this information to detect anomalous activity,” Ramakrishnan said.

“Because the approach works by analyzing the behavior of computer code, it can be used to study a variety of different attacks,” Yao added. Their anomaly detection algorithms were able to detect erratic program behaviors with very low false alarms even when there are complex and diverse execution patterns.

Yao and Ramakrishnan have lengthy portfolios in the study of malicious software and data mining.

In 2014, Yao received a U.S. Army Research Office Young Investigator award to detect anomalies that are caused by system compromises and malicious insiders. This award allowed her to design big data algorithms that focused on discovering logical relations among human activities. In 2010 she won a National Science Foundation CAREER award to develop software that differentiated human-user computer interaction from that of malware, commonly known as malicious software.

Ramakrishnan, who holds the Thomas L. Phillips Professorship of Engineering, directs Virginia Tech’s Discovery Analytics Center (http://dac.cs.vt.edu), supported by the Institute for Critical Technology and Applied Science(http://www.ictas.vt.edu). A Distinguished Scientist of the ACM, Ramakrishnan has concentrated his research on data mining, the science of processing massive quantities of data to discover patterns and to produce new insights.

The Office of Naval Research and the Army Research Office supported this new work.

Source: Virginia Tech

Subscribe to HPCwire's Weekly Update!

Be the most informed person in the room! Stay ahead of the tech trends with industy updates delivered to you every week!

Nvidia Touts Strong Results on Financial Services Inference Benchmark

February 3, 2023

The next-gen Hopper family may be on its way, but that isn’t stopping Nvidia’s popular A100 GPU from leading another benchmark on its way out. This time, it’s the STAC-ML inference benchmark, produced by the Securi Read more…

Quantum Computing Firm Rigetti Faces Delisting

February 3, 2023

Quantum computing companies are seeing their market caps crumble as investors patiently await out the winner-take-all approach to technology development. Quantum computing firms such as Rigetti Computing, IonQ and D-Wave went public through mergers with blank-check companies in the last two years, with valuations at the time of well over $1 billion. Now the market capitalization of these companies are less than half... Read more…

US and India Strengthen HPC, Quantum Ties Amid Tech Tension with China

February 2, 2023

Last May, the United States and India announced the “Initiative on Critical and Emerging Technology” (iCET), aimed at expanding the countries’ partnerships in strategic technologies and defense industries across th Read more…

Pittsburgh Supercomputing Enables Transparent Medicare Outcome AI

February 2, 2023

Medical applications of AI are replete with promise, but stymied by opacity: with lives on the line, concerns over AI models’ often-inscrutable reasoning – and as a result, possible biases embedded in those models Read more…

Europe’s LUMI Supercomputer Has Officially Been Accepted

February 1, 2023

“LUMI is officially here!” proclaimed the headline of a blog post written by Pekka Manninen, director of science and technology for CSC, Finland’s state-owned IT center. The EuroHPC-organized supercomputer’s most Read more…

AWS Solution Channel

Shutterstock 2069893598

Cost-effective and accurate genomics analysis with Sentieon on AWS

This blog post was contributed by Don Freed, Senior Bioinformatics Scientist, and Brendan Gallagher, Head of Business Development at Sentieon; and Olivia Choudhury, PhD, Senior Partner Solutions Architect, Sujaya Srinivasan, Genomics Solutions Architect, and Aniket Deshpande, Senior Specialist, HPC HCLS at AWS. Read more…

Microsoft/NVIDIA Solution Channel

Shutterstock 1453953692

Microsoft and NVIDIA Experts Talk AI Infrastructure

As AI emerges as a crucial tool in so many sectors, it’s clear that the need for optimized AI infrastructure is growing. Going beyond just GPU-based clusters, cloud infrastructure that provides low-latency, high-bandwidth interconnects and high-performance storage can help organizations handle AI workloads more efficiently and produce faster results. Read more…

Intel’s Gaudi3 AI Chip Survives Axe, Successor May Combine with GPUs

February 1, 2023

Intel's paring projects and products amid financial struggles, but AI products are taking on a major role as the company tweaks its chip roadmap to account for more computing specifically targeted at artificial intellige Read more…

Quantum Computing Firm Rigetti Faces Delisting

February 3, 2023

Quantum computing companies are seeing their market caps crumble as investors patiently await out the winner-take-all approach to technology development. Quantum computing firms such as Rigetti Computing, IonQ and D-Wave went public through mergers with blank-check companies in the last two years, with valuations at the time of well over $1 billion. Now the market capitalization of these companies are less than half... Read more…

US and India Strengthen HPC, Quantum Ties Amid Tech Tension with China

February 2, 2023

Last May, the United States and India announced the “Initiative on Critical and Emerging Technology” (iCET), aimed at expanding the countries’ partnership Read more…

Intel’s Gaudi3 AI Chip Survives Axe, Successor May Combine with GPUs

February 1, 2023

Intel's paring projects and products amid financial struggles, but AI products are taking on a major role as the company tweaks its chip roadmap to account for Read more…

Roadmap for Building a US National AI Research Resource Released

January 31, 2023

Last week the National AI Research Resource (NAIRR) Task Force released its final report and roadmap for building a national AI infrastructure to include comput Read more…

PFAS Regulations, 3M Exit to Impact Two-Phase Cooling in HPC

January 27, 2023

Per- and polyfluoroalkyl substances (PFAS), known as “forever chemicals,” pose a number of health risks to humans, with more suspected but not yet confirmed Read more…

Multiverse, Pasqal, and Crédit Agricole Tout Progress Using Quantum Computing in FS

January 26, 2023

Europe-based quantum computing pioneers Multiverse Computing and Pasqal, and global bank Crédit Agricole CIB today announced successful conclusion of a 1.5-yea Read more…

Critics Don’t Want Politicians Deciding the Future of Semiconductors

January 26, 2023

The future of the semiconductor industry was partially being decided last week by a mix of politicians, policy hawks and chip industry executives jockeying for Read more…

Riken Plans ‘Virtual Fugaku’ on AWS

January 26, 2023

The development of a national flagship supercomputer aimed at exascale computing continues to be a heated competition, especially in the United States, the Euro Read more…

Leading Solution Providers

Contributors

SC22 Booth Videos

AMD @ SC22
Altair @ SC22
AWS @ SC22
Ayar Labs @ SC22
CoolIT @ SC22
Cornelis Networks @ SC22
DDN @ SC22
Dell Technologies @ SC22
HPE @ SC22
Intel @ SC22
Intelligent Light @ SC22
Lancium @ SC22
Lenovo @ SC22
Microsoft and NVIDIA @ SC22
One Stop Systems @ SC22
Penguin Solutions @ SC22
QCT @ SC22
Supermicro @ SC22
Tuxera @ SC22
Tyan Computer @ SC22
  • arrow
  • Click Here for More Headlines
  • arrow
HPCwire